This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author xcl
Recipients xcl
Date 2020-06-22.07:59:07
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1592812748.09.0.71716339611.issue41072@roundup.psfhosted.org>
In-reply-to
Content 
Open source software introduced passively in Python 3.8.3:
sqlite3(Documents involved sqlite3.dll),involve CVE-2020-11656,CVE-2020-11655,CVE-2020-13630,CVE-2020-13871,CVE-2020-9327,CVE-2020-13434,CVE-2020-13435,CVE-2020-13631,CVE-2020-13632
zlib 1.2.3(Documents involved wininst-7.1.exe、wininst-6.0.exe、wininst-9.0.exe、wininst-8.0.exe、wininst-9.0-amd64.exe).involve CVE-2016-9841,CVE-2016-9843,CVE-2016-9840,CVE-2016-9842
zlib 1.2.5(Documents involved wininst-14.0.exe、wininst-14.0-amd64.exe).involve CVE-2016-9841,CVE-2016-9843,CVE-2016-9840,CVE-2016-9842

zlib 1.2.8(Documents involved wininst-10.0.exe、wininst-10.0-amd64.exe).involve CVE-2016-9841,CVE-2016-9843,CVE-2016-9840,CVE-2016-9842
bzip2 1.0.6(Documents involved _bz2.pyd).involve CVE-2016-9841,CVE-2016-9843,CVE-2016-9840,CVE-2016-9842
openssl 1.1.1d(Documents involved _psycopg.cp38-win_amd64.pyd、_openssl.cp38-win_amd64.pyd).involve CVE-2020-1967,CVE-2019-1551
openssl 1.1.1f(Documents involved	libcrypto-1_1.dll、libssl-1_1.dll).involve CVE-2020-1967
Does the above vulnerability pose a security risk to products using python 3.8.3, or is there a fix
History
Date User Action Args
2020-06-22 07:59:08xclsetrecipients: + xcl
2020-06-22 07:59:08xclsetmessageid: <1592812748.09.0.71716339611.issue41072@roundup.psfhosted.org>
2020-06-22 07:59:08xcllinkissue41072 messages
2020-06-22 07:59:07xclcreate