Message 360999 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	steve.dower
Recipients	anthonywee, eryksun, jkloth, ned.deily, paul.moore, steve.dower, tim.golden, vstinner, zach.ware
Date	2020-01-30.00:42:40
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1580344961.04.0.833987611632.issue39401@roundup.psfhosted.org>
In-reply-to

Content
> I added https://python-security.readthedocs.io/vuln/unsafe-dll-load-windows-7.html to track fixes in all branches. Thanks, Victor! Python 2.7 and 3.5 are not vulnerable. The issue was added in 3.6 when I added support for installing Python into a long path name on up-to-date OS, which required dynamically loading an OS function. That dynamic load was the problem.

> I added https://python-security.readthedocs.io/vuln/unsafe-dll-load-windows-7.html to track fixes in all branches.

Thanks, Victor!

Python 2.7 and 3.5 are not vulnerable. The issue was added in 3.6 when I added support for installing Python into a long path name on up-to-date OS, which required dynamically loading an OS function. That dynamic load was the problem.

History
Date	User	Action	Args
2020-01-30 00:42:41	steve.dower	set	recipients: + steve.dower, paul.moore, vstinner, tim.golden, jkloth, ned.deily, zach.ware, eryksun, anthonywee
2020-01-30 00:42:41	steve.dower	set	messageid: <1580344961.04.0.833987611632.issue39401@roundup.psfhosted.org>
2020-01-30 00:42:41	steve.dower	link	issue39401 messages
2020-01-30 00:42:40	steve.dower	create