-
-
Notifications
You must be signed in to change notification settings - Fork 30.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CVE-2020-15801] python 38 embed ignore python38._pth file on windows #85476
Comments
Hi,
Note It's working under python 3.7.8 |
replacing python38._pth by python._pth does fix it. |
Thanks, this is a regression. https://github.com/python/cpython/blob/master/PC/getpathp.c#L672 should be inverted, as a zero return value indicates success. |
For clarity, this was caused by the fix for bpo-29778, and was only released in 3.8.4 and 3.9.0b4. No other versions had a release before the fix was merged. |
This is now assigned CVE-2020-15801 |
New changeset a16ac4e by Miss Islington (bot) in branch '3.9': |
New changeset 79ed1a5 by Miss Islington (bot) in branch '3.8': |
hi, since the affected system is not clearly stated on the NVD, I'd like to confirm with you that: Does the CVE-2020-15801 vulnerability affect only the Windows OS? thanks a lot! |
Yes, it only affects Windows OS. On all other platforms, the python38._pth file is _always_ ignored. We have not implemented this support for those platforms. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: