lxml

  1. Bug #1970550
  2. Activity log

Activity log for bug #1970550

Date Who What changed Old value New value Message
2022-04-27 07:24:20 Marcus Dreier bug added bug
2022-04-28 11:45:30 Marcus Dreier information type Private Security Public Security
2022-04-29 08:56:08 Marcus Dreier description The current wheels of lxml 4.8.0 contain the statically linked zlib version 1.2.11, which is affected by vulnerability CVE-2018-25032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032). Could you please provide a new version of the lxml wheel that includes a zlib > 12.2.11? The current wheels of lxml 4.8.0 contain the statically linked zlib version 1.2.11, which is affected by vulnerability CVE-2018-25032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032). Could you please provide a new version of the lxml wheel that includes a zlib > 1.2.11?
2022-05-31 21:01:30 scoder lxml: milestone 4.9.0
2022-05-31 21:27:16 scoder lxml: status New Fix Released
2022-05-31 21:27:16 scoder lxml: assignee scoder (scoder)