Redistributed TK libraries include out of date zlib #176

Open
scw opened this issue Mar 18, 2024 · 1 comment
scw commented Mar 18, 2024

The copies of zlib included in tkcop.dll and tkezlib.dll rely on the 1.2.13 versions of the package, where the current version is 1.3.1: image

Because SWAT and TK don't directly expose the tool which has a critical vulnerability, the high priority CVE isn't directly relevant, but it would still be great to resync so that security scanners and other consumers don't flag the package.


scw commented Feb 5, 2025

Working with SAS support, they closed the internal issue and said this public facing one was the right place to get this issue addressed. Can a contributor to the python-swat package please triage this issue? It is still present in the latest 1.15.0 wheels:

Image
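
One way to run the check this issue describes against a wheel, as an added example (not code from python-swat or SAS): it scans each native library in the archive for the copyright banners that zlib compiles into `deflate.c` and `inftrees.c`, and reports libraries older than a chosen minimum. It assumes the library was linked against an unmodified zlib build; the `sample/` paths, `example_new.dll` and the library bytes are constructed for the demonstration.

```python
import io
import re
import zipfile

# zlib embeds banners such as " deflate 1.2.13 Copyright 1995-2022 ..." that
# normally survive static linking into a DLL or shared object.
ZLIB_BANNER = re.compile(rb" (?:deflate|inflate) (\d+(?:\.\d+){1,3}) Copyright 1995-")
NATIVE_SUFFIXES = (".dll", ".so", ".dylib", ".pyd")

def version_key(version):
    """Turn '1.2.13' into (1, 2, 13) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def bundled_zlib_versions(wheel):
    """Map each native library in a wheel (path or file object) to the set
    of zlib versions whose banners appear in its bytes."""
    found = {}
    with zipfile.ZipFile(wheel) as archive:
        for name in archive.namelist():
            if not name.lower().endswith(NATIVE_SUFFIXES):
                continue
            versions = {m.decode() for m in ZLIB_BANNER.findall(archive.read(name))}
            if versions:
                found[name] = versions
    return found

def outdated_libraries(wheel, minimum):
    """Return {library: oldest bundled zlib version} for libraries below minimum."""
    stale = {}
    for name, versions in bundled_zlib_versions(wheel).items():
        oldest = min(versions, key=version_key)
        if version_key(oldest) < version_key(minimum):
            stale[name] = oldest
    return stale

def build_sample_wheel():
    """Constructed sample: a tiny in-memory 'wheel' with fake library bytes."""
    old = b"\x00MZ\x00 deflate 1.2.13 Copyright 1995-2022 Jean-loup Gailly and Mark Adler \x00"
    new = b"\x00MZ\x00 inflate 1.3.1 Copyright 1995-2024 Mark Adler \x00"
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("sample/tkezlib.dll", old)       # file name from the issue
        archive.writestr("sample/example_new.dll", new)   # hypothetical library
        archive.writestr("sample/__init__.py", b"# no native code\n")
    buffer.seek(0)
    return buffer

if __name__ == "__main__":
    print(outdated_libraries(build_sample_wheel(), "1.3.1"))
```

Passing the path of a downloaded wheel instead of the constructed sample applies the same check to a real package; a library that reports no version either does not bundle zlib or was built without the banners.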
