Hi Douglas, It looks to me like this was fixed in Python 3.6, 3.7, 3.8 and 3.9:
From https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html: <https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html:> Fixed In <https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html#fixed-in> Python 3.6.13 (2021-02-16) fixed by commit e912e94 (branch 3.6) <https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b> (2020-10-20) Python 3.7.10 (2021-02-16) fixed by commit 43e5231 (branch 3.7) <https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9> (2020-10-20) Python 3.8.7 (2020-12-21) fixed by commit 6c6c256 (branch 3.8) <https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33> (2020-10-06) Python 3.9.1 (2020-12-07) fixed by commit b664a1d (branch 3.9) <https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794> (2020-10-06) So you should be able to address the CVE by upgrading to one of these patch versions. AFAIK we don't have a timeline for 3.9 support in Python for .NET yet. cheers, -Mark Mark Visser Senior Dev Manager, M&E Unity Technologies - www.unity3d.com <http://www.unity3d.com/> > On May 12, 2021, at 12:43 PM, Douglas Wyant (Aptly Technology Corporation) > via PythonNet <pythonnet@python.org> wrote: > > PythonNet, > Hi folks, I have no idea if this is the correct way to engage > support / ask questions, so please redirect me. We need to deploy Python > v3.9 to resolve a known Security issue in older versions. I’m told we’re > blocked on deploying until PythonNet is updated to support v3.9. So the > question is when might that be? > > https://bugs.python.org/issue41944 <https://bugs.python.org/issue41944> > CVE-2020-27619: WIndows > Python versions 3.0.0 through 3.9.0 are susceptible to a vulnerability which > when successfully exploited could lead to disclosure of sensitive > information, addition or modification of data, or Denial of Service (DoS). > Affected Versions > Python versions 3.0.0 through 3.9.0 > > Thanks, > > Doug Wyant (Aptly Technology Corporation), GSEC, GCIH > Service Engineer 2 > Microsoft > _______________________________________________ > PythonNet mailing list -- pythonnet@python.org <mailto:pythonnet@python.org> > To unsubscribe send an email to pythonnet-le...@python.org > <mailto:pythonnet-le...@python.org> > https://mail.python.org/mailman3/lists/pythonnet.python.org/ > <https://mail.python.org/mailman3/lists/pythonnet.python.org/> > Member address: ma...@unity3d.com <mailto:ma...@unity3d.com>
_______________________________________________ PythonNet mailing list -- pythonnet@python.org To unsubscribe send an email to pythonnet-le...@python.org https://mail.python.org/mailman3/lists/pythonnet.python.org/ Member address: arch...@mail-archive.com
