lxml and zlib Security issue CVE-2018-25032

Bug #1970550 reported by Marcus Dreier
| Affects | Status | Importance | Assigned to | Milestone |
|---------|--------|------------|-------------|-----------|
| lxml | Fix Released | Undecided | scoder | |

Bug Description

The current wheels of lxml 4.8.0 contain the statically linked zlib version 1.2.11, which is affected by vulnerability CVE-2018-25032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032). Could you please provide a new version of the lxml wheel that includes a zlib > 1.2.11?

Marcus Dreier (clabom)
information type: Private Security → Public Security
Marcus Dreier (clabom)
description: updated
scoder (scoder)
Changed in lxml:
milestone: none → 4.9.0
scoder (scoder)
Changed in lxml:
assignee: nobody → scoder (scoder)
status: New → Fix Released
Marcus Dreier (clabom) wrote :

Very nice, many thanks for providing the new version!
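
To confirm which zlib an installed lxml binary carries, the sketch below searches the extension module for the version banner that zlib compiles into its deflate and inflate code and compares it with 1.2.11, the version named in the bug description. It is an added example, not part of the report or of lxml; the function names and the two sample byte strings are constructed for illustration, and a build that links zlib dynamically will show no banner at all.

```python
import re
import sys
from pathlib import Path

# zlib embeds strings such as
# " deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly and Mark Adler "
# in its object code; they normally survive static linking and stripping.
ZLIB_BANNER = re.compile(rb"(?:deflate|inflate) (\d+(?:\.\d+){1,3}) Copyright")
LAST_REPORTED_AFFECTED = (1, 2, 11)  # version named in the bug description

# Constructed sample blobs (not taken from a real wheel).
SAMPLE_OLD = (b"\x7fELF\x00 deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly"
              b" and Mark Adler \x00 inflate 1.2.11 Copyright 1995-2017 Mark Adler \x00")
SAMPLE_NEW = b"\x7fELF\x00 inflate 1.2.12 Copyright 1995-2022 Mark Adler \x00"


def embedded_zlib_versions(blob: bytes) -> set:
    """Return every zlib version found in the blob as a tuple of ints."""
    return {tuple(int(part) for part in m.group(1).split(b"."))
            for m in ZLIB_BANNER.finditer(blob)}


def audit(blob: bytes) -> dict:
    """Map each embedded zlib version to True if it is newer than 1.2.11."""
    return {".".join(map(str, v)): v > LAST_REPORTED_AFFECTED
            for v in embedded_zlib_versions(blob)}


if __name__ == "__main__":
    # Scan the files given on the command line, or the installed lxml.etree.
    paths = [Path(p) for p in sys.argv[1:]]
    if not paths:
        import lxml.etree
        paths = [Path(lxml.etree.__file__)]
    exit_code = 0
    for path in paths:
        result = audit(path.read_bytes())
        if not result:
            print(f"{path}: no zlib banner found (zlib may be linked dynamically)")
        for version, newer in sorted(result.items()):
            print(f"{path}: zlib {version} -> {'ok' if newer else 'not newer than 1.2.11'}")
            exit_code |= 0 if newer else 1
    sys.exit(exit_code)
```

Run without arguments it inspects the lxml in the current environment; given paths, it checks those files, which is convenient for `.so` or `.pyd` files unpacked from a wheel before deployment.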

This report contains Public Security information  
Everyone can see this security related information.
