[issue39401] [CVE-2020-8315] Unsafe dll loading in getpathp.c on Win7
Steve Dower
report at bugs.python.org
Wed Jan 29 19:42:41 EST 2020
Steve Dower <steve.dower at python.org> added the comment:
> I added https://python-security.readthedocs.io/vuln/unsafe-dll-load-windows-7.html to track fixes in all branches.
Thanks, Victor!
Python 2.7 and 3.5 are not vulnerable. The issue was added in 3.6 when I added support for installing Python into a long path name on up-to-date OS, which required dynamically loading an OS function. That dynamic load was the problem.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue39401>
_______________________________________
More information about the Python-bugs-list
mailing list