classification
Title: Cpython/Lib vulnerability found and request a patch submission
Type: security Stage:
Components: Library (Lib) Versions: Python 3.8, Python 3.7, Python 3.6, Python 3.4, Python 3.5
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: 18z, krnick, vstinner, xtreak
Priority: normal Keywords:

Created on 2019-03-11 07:16 by krnick, last changed 2019-03-13 05:39 by 18z.

Messages (4)
msg337650 - (view) Author: JUN-WEI SONG (krnick) * Date: 2019-03-11 07:16
Dear Python Community, 

We’ve found a vulnerability in cpython Lib and already received a cve number (CVE-2019-9674)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674

We also have a patch for this vulnerability, please tell us what to do next.
Since we don’t want to uncover the vulnerability before it get fixed.

JUN-WEI SONG
msg337651 - (view) Author: KunYu Chen (18z) * Date: 2019-03-11 07:19
Dear community,

I am one of the discoverer of this vulnerability, please tell us what to do next :D 

Kunyu Chen
msg337652 - (view) Author: Karthikeyan Singaravelan (xtreak) * (Python triager) Date: 2019-03-11 07:22
You can find the process to report security vulnerabilities at https://www.python.org/news/security/ . Please email the details to security@python.org and who will analyze the report before public disclosure.
msg337835 - (view) Author: KunYu Chen (18z) * Date: 2019-03-13 05:39
Thank you Karthikeyan Singaravelan.
We're working on it :D

Kunyu Chen
History
Date User Action Args
2019-03-13 05:39:0818zsetmessages: + msg337835
2019-03-11 09:17:13vstinnersetnosy: + vstinner
2019-03-11 07:22:30xtreaksetnosy: + xtreak
messages: + msg337652
2019-03-11 07:19:4118zsetnosy: + 18z
messages: + msg337651
2019-03-11 07:16:58krnickcreate