Skip to content

[CVE-2022-26488] Escalation of privilege via Windows Installer #91104

Closed
@zooba

Description

@zooba
BPO 46948
Nosy @gpshead, @pfmoore, @tjguk, @ned-deily, @ambv, @zware, @zooba, @pablogsal, @miss-islington
PRs
  • bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair #31726
  • [3.10] bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair #31727
  • [3.9] bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair #31728
  • [3.8] bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair #31729
  • [3.7] bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair #31730
  • bpo-46948: Fix launcher installer build failure due to first part of fix #31920
  • [3.10] bpo-46948: Fix launcher installer build failure due to first part of fix (GH-31920) #31922
  • [3.9] bpo-46948: Fix launcher installer build failure due to first part of fix (GH-31920) #31923
  • [3.8] bpo-46948: Fix launcher installer build failure due to first part of fix (GH-31920) #31924
  • [3.7] bpo-46948: Fix launcher installer build failure due to first part of fix (GH-31920) #31925
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/zooba'
    closed_at = <Date 2022-03-16.12:23:48.554>
    created_at = <Date 2022-03-07.16:33:17.993>
    labels = ['type-security', '3.8', '3.9', '3.10', '3.11', '3.7', 'release-blocker', 'OS-windows']
    title = '[CVE-2022-26488] Escalation of privilege via Windows Installer'
    updated_at = <Date 2022-03-16.12:23:48.554>
    user = 'https://github.com/zooba'

    bugs.python.org fields:

    activity = <Date 2022-03-16.12:23:48.554>
    actor = 'steve.dower'
    assignee = 'steve.dower'
    closed = True
    closed_date = <Date 2022-03-16.12:23:48.554>
    closer = 'steve.dower'
    components = ['Windows']
    creation = <Date 2022-03-07.16:33:17.993>
    creator = 'steve.dower'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 46948
    keywords = ['patch']
    message_count = 16.0
    messages = ['414673', '414678', '414679', '414681', '414682', '414683', '414685', '414711', '414733', '414752', '415306', '415309', '415310', '415314', '415317', '415331']
    nosy_count = 9.0
    nosy_names = ['gregory.p.smith', 'paul.moore', 'tim.golden', 'ned.deily', 'lukasz.langa', 'zach.ware', 'steve.dower', 'pablogsal', 'miss-islington']
    pr_nums = ['31726', '31727', '31728', '31729', '31730', '31920', '31922', '31923', '31924', '31925']
    priority = 'release blocker'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'security'
    url = 'https://bugs.python.org/issue46948'
    versions = ['Python 3.7', 'Python 3.8', 'Python 3.9', 'Python 3.10', 'Python 3.11']

    Metadata

    Metadata

    Assignees

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions