[issue44549] BZip 1.0.6 Critical Vulnerability

2021-07-19 Thread Dong-hee Na
Dong-hee Na added the comment:

> current macOS python.org installers dynamically link to the system-provided
> copies of Bzip2

Okay, so this issue looks out of scope to the CPython team if the Windows distribution follows the same policy. @steve.dowe Can you check on this issue?

[issue44549] BZip 1.0.6 Critical Vulnerability

2021-07-19 Thread Ned Deily
Ned Deily added the comment:

> Is it possible to update bz2 to 1.0.8 on macOS distribution?

Thanks for looking into this. As I commented on PR 27241, this change is not needed because current macOS python.org installers dynamically link to the system-provided copies of Bzip2; the code to bui

[issue44549] BZip 1.0.6 Critical Vulnerability

2021-07-19 Thread Dong-hee Na
Dong-hee Na added the comment:

Hmm, since I am not a distribution expert, I would like to follow other core devs' opinions. Almost all Linux distributions use bzip2 1.0.6 by default.

[issue44549] BZip 1.0.6 Critical Vulnerability

2021-07-19 Thread Dong-hee Na
Change by Dong-hee Na:

components: +macOS
nosy: +ronaldoussoren
type: crash -> security

[issue44549] BZip 1.0.6 Critical Vulnerability

2021-07-19 Thread Dong-hee Na
Change by Dong-hee Na:

pull_requests: +25790
pull_request: https://github.com/python/cpython/pull/27241

[issue44549] BZip 1.0.6 Critical Vulnerability

2021-07-19 Thread Dong-hee Na
Dong-hee Na added the comment:

@ned.deily Is it possible to update bz2 to 1.0.8 on macOS distribution? I found the guide to update the library on Windows, but I cannot find one for the macOS version.

nosy: +ned.deily

[issue44549] BZip 1.0.6 Critical Vulnerability

2021-07-19 Thread Dong-hee Na
Change by Dong-hee Na:

keywords: +patch
pull_requests: +25788
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/27239

[issue44549] BZip 1.0.6 Critical Vulnerability

2021-07-18 Thread Dong-hee Na
Dong-hee Na added the comment:

I request the dependency update to use bzip2 1.0.8, which is the stable version. https://github.com/python/cpython-source-deps/pull/25

[issue44549] BZip 1.0.6 Critical Vulnerability

2021-07-18 Thread Dong-hee Na
Change by Dong-hee Na:

nosy: +corona10

[issue44549] BZip 1.0.6 Critical Vulnerability

2021-07-04 Thread Ma Lin
Ma Lin added the comment:

If you update python/cpython-source-deps, I can submit a simple PR to python/cpython. I want to submit a PR to python/cpython-source-deps, but I think it's better for a credible person to do this.

nosy: +malin

[issue44549] BZip 1.0.6 Critical Vulnerability

2021-07-02 Thread siddhartha shankar mahato
New submission from siddhartha shankar mahato:

Python (3.9.5 and 3.9.6) are using Bzip2 1.0.6, which has a known critical vulnerability. CVE-2019-12900 (BDSA-2019-1844) 9.8 Critical NVD CVE-2016-3189 (BDSA-2019-2036). Please upgrade the same to a stable version.

components: Windows