update zlib to 1.2.11 #73355
Comments
These are the changes updating zlib from 1.2.8 to 1.2.10. It is only used when building without a system zlib. The new release includes fixes for security issues CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843. Intending to update all active branches. Larry, is it ok to add this before the upcoming 3.4 and 3.5 releases, or should it wait?
Changes in 1.2.10 (2 Jan 2017)
Changes in 1.2.9 (31 Dec 2016)
New changeset ed172054a812 by doko in branch '2.7':
I cut 3.4.6rc1 and 3.5.3rc1 a couple of days ago. Do you think the CVEs are bad enough to warrant cherry-picking this? A quick google suggests they were all low severity: http://www.openwall.com/lists/oss-security/2016/12/05/21 I'm inclined to not cherry-pick this, which means it'd ship in 3.5.4 and 3.4.7, probably in six months.
I concur. Looking at the CVEs, these all seem minor and not exploitable through the Python interface.
OK, will wait with the commits until after the releases.
plus the update to 1.2.11
New changeset 0136c99a9795 by doko in branch '2.7':
New changeset c8c1f08428cb by doko in branch '3.5':
Now updated all active branches to 1.2.11.
Misc/NEWS (and the commit message) say 1.2.10. Perhaps you meant 1.2.11?
New changeset 7b279c263708 by doko in branch '3.5':
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.