Hi Douglas,

It looks to me like this was fixed in Python 3.6, 3.7, 3.8 and 3.9:

From https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html:

Fixed In <https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html#fixed-in>

Python 3.6.13 (2021-02-16) fixed by commit e912e94 (branch 3.6) (2020-10-20)
  <https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b>
Python 3.7.10 (2021-02-16) fixed by commit 43e5231 (branch 3.7) (2020-10-20)
  <https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9>
Python 3.8.7 (2020-12-21) fixed by commit 6c6c256 (branch 3.8) (2020-10-06)
  <https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33>
Python 3.9.1 (2020-12-07) fixed by commit b664a1d (branch 3.9) (2020-10-06)
  <https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794>

So you should be able to address the CVE by upgrading to one of these patch 
versions. AFAIK we don't have a timeline for 3.9 support in Python for .NET yet.

cheers,
-Mark

Mark Visser
Senior Dev Manager, M&E
Unity Technologies - www.unity3d.com

> On May 12, 2021, at 12:43 PM, Douglas Wyant (Aptly Technology Corporation) 
> via PythonNet <pythonnet@python.org> wrote:
> 
> PythonNet,
> Hi folks, I have no idea if this is the correct way to engage
> support / ask questions, so please redirect me.  We need to deploy Python 
> v3.9 to resolve a known Security issue in older versions.  I’m told we’re 
> blocked on deploying until PythonNet is updated to support v3.9.  So the 
> question is when might that be?
>  
> https://bugs.python.org/issue41944
> CVE-2020-27619: Windows
> Python versions 3.0.0 through 3.9.0 are susceptible to a vulnerability which 
> when successfully exploited could lead to disclosure of sensitive 
> information, addition or modification of data, or Denial of Service (DoS).
> Affected Versions 
> Python versions 3.0.0 through 3.9.0 
>  
> Thanks,
>  
> Doug Wyant (Aptly Technology Corporation), GSEC, GCIH
> Service Engineer 2
> Microsoft