Vuln in Python bundled with Windows release
Bug #1740727 reported by Chris Pavlina
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
KiCad | Fix Released | High | Nick Østergaard | |
Bug Description
We're shipping Python 2.7.13 with the Windows release, which is subject to CVE-2017-1000158 (integer overflow resulting in possible ACE, [1]). This has been fixed in 2.7.14 (see "bpo-30657" in [2]) so we should upgrade to this before 5.0.
[1] https:/
[2] https:/
Changed in kicad: milestone: none → 5.0.0-rc1
Changed in kicad: milestone: 5.0.0-rc1 → 5.0.0-rc2
Personally, I'd do an interim minor release 4.0.8, as it's fairly serious to be installing Pythons on users' machines with ACE vulns and swapping out the Python version should be pretty trivial.