This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author gregory.p.smith
Recipients gregory.p.smith, lukasz.langa, ned.deily, pablogsal, paul.moore, steve.dower, tim.golden, zach.ware
Date 2022-04-01.19:25:42
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1648841142.75.0.617699188947.issue47194@roundup.psfhosted.org>
In-reply-to
Content
zlib v1.2.11 as used in Windows binary releases contains a security issue that, while fixed in its git repo years ago, never wound up in a release or a CVE until just now.

Folllow the https://www.openwall.com/lists/oss-security/2022/03/24/1 thread and the and recently assigned CVE-2018-25032.

I believe we only ship our own zlib on Windows so this issue is tagged as such.  The above oss-security thread is where an idea of severity will come out.
History
Date User Action Args
2022-04-01 19:25:43gregory.p.smithsetrecipients: + gregory.p.smith, paul.moore, tim.golden, ned.deily, lukasz.langa, zach.ware, steve.dower, pablogsal
2022-04-01 19:25:42gregory.p.smithsetmessageid: <1648841142.75.0.617699188947.issue47194@roundup.psfhosted.org>
2022-04-01 19:25:42gregory.p.smithlinkissue47194 messages
2022-04-01 19:25:42gregory.p.smithcreate