Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[3.10] bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900 (GH-31731) #31732

Merged
merged 1 commit into from
Mar 7, 2022
Merged

[3.10] bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900 (GH-31731) #31732

merged 1 commit into from
Mar 7, 2022

Conversation

zooba
Copy link
Member

@zooba zooba commented Mar 7, 2022
edited by bedevere-bot
Loading

@zooba zooba requested a review from a team as a code owner March 7, 2022 18:33
@zooba zooba changed the title bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900 (GH-31731) [3.10] bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900 (GH-31731) Mar 7, 2022
@bedevere-bot bedevere-bot mentioned this pull request Mar 7, 2022
Merged
@bedevere-bot bedevere-bot added the type-security A security issue label Mar 7, 2022
@zooba zooba merged commit 58d576a into python:3.10 Mar 7, 2022
@miss-islington
Copy link
Contributor

Thanks @zooba for the PR 🌮🎉.. I'm working now to backport this PR to: 3.7, 3.8, 3.9.
🐍🍒⛏🤖

@miss-islington
Copy link
Contributor

Sorry @zooba, I had trouble checking out the 3.9 backport branch.
Please backport using cherry_picker on command line.
cherry_picker 58d576a43cb1800dd68f06a429d7d41f746a8c01 3.9

@zooba zooba deleted the bpo-44549-3.10 branch March 7, 2022 19:15
@miss-islington
Copy link
Contributor

Sorry, @zooba, I could not cleanly backport this to 3.8 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 58d576a43cb1800dd68f06a429d7d41f746a8c01 3.8

@miss-islington
Copy link
Contributor

Sorry @zooba, I had trouble checking out the 3.7 backport branch.
Please backport using cherry_picker on command line.
cherry_picker 58d576a43cb1800dd68f06a429d7d41f746a8c01 3.7

zooba added a commit to zooba/cpython that referenced this pull request Mar 7, 2022
@zooba
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-20…
4f412e2 
…16-3189 and CVE-2019-12900 (pythonGH-31732)
zooba added a commit to zooba/cpython that referenced this pull request Mar 7, 2022
@zooba
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-20…
fcfe730 
…16-3189 and CVE-2019-12900 (pythonGH-31732)
@bedevere-bot
Copy link

GH-31733 is a backport of this pull request to the 3.9 branch.

@bedevere-bot bedevere-bot removed the needs backport to 3.9 only security fixes label Mar 7, 2022
zooba added a commit to zooba/cpython that referenced this pull request Mar 7, 2022
@zooba
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-20…
858f236 
…16-3189 and CVE-2019-12900 (pythonGH-31732)
@bedevere-bot
Copy link

GH-31734 is a backport of this pull request to the 3.8 branch.

@bedevere-bot
Copy link

GH-31735 is a backport of this pull request to the 3.7 branch.

ned-deily pushed a commit that referenced this pull request Mar 7, 2022
@zooba
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-20…
4a3c610 
…16-3189 and CVE-2019-12900 (GH-31732) (GH-31735)
zooba added a commit that referenced this pull request Mar 7, 2022
@zooba
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-20…
e1639f3 
…16-3189 and CVE-2019-12900 (GH-31732)
ambv pushed a commit that referenced this pull request Mar 8, 2022
@zooba
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-20…
6649519 
…16-3189 and CVE-2019-12900 (GH-31732) (GH-31734)
hello-adam pushed a commit to hello-adam/cpython that referenced this pull request Jun 2, 2022
@zooba @hello-adam
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-20…
9ca6a05 
…16-3189 and CVE-2019-12900 (pythonGH-31732)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@zooba zooba

Labels
type-security A security issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zooba @miss-islington @bedevere-bot @the-knights-who-say-ni