Vuln in Python bundled with Windows release
Bug #1740727 reported by
Chris Pavlina
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| KiCad |
Fix Released
|
High
|
Nick Østergaard | ||
Bug Description
We're shipping Python 2.7.13 with the Windows release, which is subject to CVE-2017-1000158 (integer overflow resulting in possible ACE, [1]). This has been fixed in 2.7.14 (see "bpo-30657" in [2]) so we should upgrade to this before 5.0.
[1] https:/
[2] https:/
Revision history for this message
| Chris Pavlina (pavlina-chris) wrote | #1 |
Revision history for this message
| Wayne Stambaugh (stambaughw) wrote Re: [Bug 1740727] Re: Vuln in Python bundled with Windows release | #2 |
Revision history for this message
| Chris Pavlina (pavlina-chris) wrote | #3 |
| Changed in kicad: | |
| milestone: | none → 5.0.0-rc1 |
| Changed in kicad: | |
| milestone: | 5.0.0-rc1 → 5.0.0-rc2 |
Revision history for this message
| Nick Østergaard (nickoe) wrote | #4 |
| Changed in kicad: | |
| status: | New → Fix Released |
To post a comment you must log in.
Personally, I'd do an interim minor release 4.0.8, as it's fairly serious to be installing Pythons on users' machines with ACE vulns and swapping out the Python version should be pretty trivial.