Add CVE-2018-25032: vulnerable zlib 1.2.11 #39
| affected-versions: | ||
| - '3.10' | ||
| - '3.9' | ||
| - '3.8' | ||
| - '3.7' |
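Review bot: the hard-coded affected-versions list ('3.10' down to '3.7') gives a reader no way to tell whether an unlisted branch is unaffected or simply was not checked, and it has to be edited by hand whenever a branch is added. The entry format already has a fixed-in key that maps each branch to its fixing commit, so consider dropping affected-versions from this entry and deriving it from fixed-in.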
I don't think that this list is correct or useful; the tool should compute it automatically.
Well, this seems to be a redundant member and we should remove it. Maybe we should change the template at the top of vulnerabilities.yaml as well.
# Template:
# - name: ""
...
# fixed-in:
# - '3.x': commit_sha1
# - '3.y': commit_sha1
# affected-versions:
# - "x.y"
# description: ||
||
| On Windows, you could fix this vulnerability by updating zlib to | ||
| 1.2.12 in Windows builds. On Linux and macOS, you can fix it by specifying | ||
| the dynamically link version of zlib. |
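Review bot: the Linux and macOS sentence does not say which zlib version to link against or how to select it, while the Windows sentence names 1.2.12. State that the dynamically linked zlib must itself be 1.2.12 or later and describe how it is chosen. Also, "the dynamically link version" should read "the dynamically linked version".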
Would you mind mentioning that on Linux and macOS, Python uses the system zlib library?
Would you mind mentioning that on Linux and macOS, Python uses the system zlib library?
By default, Python uses the system zlib to build. We can also specify the version of zlib by setting CPPFLAGS and LDFLAGS. Maybe I could describe the solution in more detail :)
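Because the zlib in use depends on what the interpreter is linked against, as discussed above, the following added example (not part of this PR or the project's code) reports the zlib a given Python was built with and the one loaded at run time, and compares the latter with 1.2.12. The function names and the suffixed version strings in the comments are constructed for illustration.

```python
import re
import zlib

# First zlib release with the fix, per the description in this PR.
FIXED = (1, 2, 12)


def parse_zlib_version(text):
    """Return the leading dotted-numeric part of a zlib version string.

    Suffixed strings (constructed samples: "1.2.11.zlib-ng",
    "1.2.12.1-motley") keep only the digits at the start.
    """
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unrecognised zlib version: {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def is_older_than_fix(text, fixed=FIXED):
    """True if the version string sorts before the fixed release."""
    return parse_zlib_version(text) < fixed


def audit_interpreter():
    """Compare the zlib Python was compiled against with the one loaded."""
    build, runtime = zlib.ZLIB_VERSION, zlib.ZLIB_RUNTIME_VERSION
    return {
        "build": build,
        "runtime": runtime,
        # The loaded library does the actual work, so it decides exposure.
        "runtime_older_than_fix": is_older_than_fix(runtime),
        # A mismatch means the system library changed after Python was built.
        "build_runtime_differ": build != runtime,
    }


if __name__ == "__main__":
    # Caveat: a distribution may backport the fix without changing the
    # version string, so an "older" result should be confirmed against
    # the vendor's advisory rather than treated as conclusive.
    for key, value in audit_interpreter().items():
        print(f"{key}: {value}")
```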
Merged, thanks.
#36