Zlib inflate security fix. #171

Merged: dumol merged 19 commits into master from zlib-inflate-fix on Nov 7, 2022

dumol commented Nov 4, 2022

Scope

Fixes CVE-2022-37434.

Changes

Updated zlib sources to 1.2.13.

Note that Windows packages use upstream Python which embeds zlib 1.2.11, so they remain vulnerable to this.

Other updates: OpenSSL 1.1.1s, SQLite 3.39.4, libffi 3.4.4, psutil 5.9.3 (5.9.1 on generic glibc-based Linux).

How to try and test the changes

reviewers: @adiroiban

To review changes:

git diff master python-modules/ chevah_build

Check automated tests.

Staging packages tested in server repo: https://github.com/chevah/server/pull/5974
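
A check for the situation described in this PR, where a package can embed an older zlib than the updated sources: the script below reports the zlib, OpenSSL and SQLite versions the running interpreter is linked against and compares them with the versions listed above. It is an added example, not part of the PR or the project's code; the helper names (`version_key`, `embedded_versions`, `audit`) are hypothetical.

```python
import re
import sqlite3
import ssl
import zlib

# Versions named in the PR description above.
MINIMUMS = {"zlib": "1.2.13", "OpenSSL": "1.1.1s", "SQLite": "3.39.4"}


def version_key(text):
    """Map '1.2.11' or '1.1.1s' to a tuple that sorts in release order."""
    match = re.match(r"(\d+(?:\.\d+)*)([a-z]*)", text.strip())
    if not match:
        raise ValueError("unrecognised version string: %r" % (text,))
    nums = [int(part) for part in match.group(1).split(".")]
    nums += [0] * (4 - len(nums))  # pad so 1.2.13 and 1.2.13.0 compare equal
    # OpenSSL 1.1.1 marks patch releases with a letter; '' sorts before 'a'.
    return tuple(nums[:4]) + (match.group(2),)


def embedded_versions():
    """Versions of the C libraries this interpreter is linked against."""
    # ZLIB_RUNTIME_VERSION is the library actually loaded; ZLIB_VERSION is
    # the build-time header version, used where the former is missing.
    zlib_ver = getattr(zlib, "ZLIB_RUNTIME_VERSION", zlib.ZLIB_VERSION)
    # ssl.OPENSSL_VERSION looks like 'OpenSSL 1.1.1s  1 Nov 2022'.
    openssl_ver = ssl.OPENSSL_VERSION.split()[1]
    return {"zlib": zlib_ver, "OpenSSL": openssl_ver,
            "SQLite": sqlite3.sqlite_version}


def audit(found, minimums=MINIMUMS):
    """Return {library: True if found version >= minimum}."""
    return {name: version_key(found[name]) >= version_key(minimum)
            for name, minimum in minimums.items()}


if __name__ == "__main__":
    found = embedded_versions()
    for name, ok in sorted(audit(found).items()):
        print("%-8s %-10s minimum %-8s %s"
              % (name, found[name], MINIMUMS[name], "ok" if ok else "OUTDATED"))
```

A version comparison cannot see fixes that a distribution backported without changing the version string, so an OUTDATED result on a system Python is a prompt to check the vendor's advisory rather than proof of exposure.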

dumol self-assigned this Nov 4, 2022

dumol commented Nov 4, 2022

Still to be tested under AIX (maybe without the exception for psutil).

needs-review

adiroiban left a comment

Thanks.

Windows will be left behind.

I will start working on py3 migration now.

dumol commented Nov 7, 2022

The current branch builds and tests fine on AIX 7.1 using the python-package-7100-05-09 image on IBM Cloud.

dumol merged commit d2b7dcc into master Nov 7, 2022
dumol deleted the zlib-inflate-fix branch November 7, 2022 10:24