-
Notifications
You must be signed in to change notification settings - Fork 553
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vulnerability in libuv v1.46.0 #615
Comments
Closed
#600 would fix this |
No problem! Yes, I'll cut it tomorrow. |
fantix
added a commit
that referenced
this issue
Aug 15, 2024
Changes ======= * Upgrade libuv to v1.48.0 (#600) (by @niklasr22 @fantix in 7777852 for #596 #615) Fixes ===== * Fix test_create_server_4 with Python 3.12.5 (#614) (by @shadchin in 62f9239) * Use len(os.sched_getaffinity(0)) instead of os.cpu_count() (#591) (by @avkarenow in c8531c2 for #591) * Inline _Py_RestoreSignals() from CPython (#604) (by @befeleme in 8511ba1 for #603)
Merged
edgarrmondragon
pushed a commit
to edgarrmondragon/uvloop
that referenced
this issue
Aug 19, 2024
Changes ======= * Upgrade libuv to v1.48.0 (MagicStack#600) (by @niklasr22 @fantix in 7777852 for MagicStack#596 MagicStack#615) Fixes ===== * Fix test_create_server_4 with Python 3.12.5 (MagicStack#614) (by @shadchin in 62f9239) * Use len(os.sched_getaffinity(0)) instead of os.cpu_count() (MagicStack#591) (by @avkarenow in c8531c2 for MagicStack#591) * Inline _Py_RestoreSignals() from CPython (MagicStack#604) (by @befeleme in 8511ba1 for MagicStack#603)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
PYTHONASYNCIODEBUG
in env?: n/auvloop uses libuv v1.46.0, which has a security vulnerability https://nvd.nist.gov/vuln/detail/CVE-2024-24806
the vulnerability was fixed in libuv v1.48.0 but uvloop is still using v1.46.0.
The text was updated successfully, but these errors were encountered: