From: Aditya R. <adi...@al...> - 2021-05-06 11:36:12

Hi Team,

We are using the jython2.5.3 version in our product, and we have a few queries related to the new issue reported through CVE-2021-29921 at the Python stream (in respect to Jython streams).

CVE-2021-29921: "ipaddress leading zeros in IPv4 address"

From the links below we can check the code fixes against this CVE:

https://github.com/python/cpython/pull/12577
https://github.com/python/cpython/commit/60ce8f0be6354ad565393ab449d8de5d713f35bc

That is, the Lib/ipaddress.py file has the fix in the Python 3.9 or 3.10 streams. But when we checked the jython2.5.3 libraries, we found a file named "Lib/_google_ipaddr_r234.py" which contains the code module below:

********************
def _parse_octet(self, octet_str):
    .................
    .................
    # Disallow leading zeroes, because no clear standard exists on
    # whether these should be interpreted as decimal or octal.
    if octet_int > 255 or (octet_str[0] == '0' and len(octet_str) > 1):
        raise ValueError
    return octet_int
********************

Below are our queries:

* Are the code fix done in the Python streams and the present code snippet in jython2.5.3 Lib/_google_ipaddr_r234.py similar?
* Is the above Jython code module addressing the same issue?
* Can we assume that the jython 2.5.3 libraries already contain the fixes for CVE-2021-29921?

Some other queries:

* How do we know which Python version exactly the jython 2.5.3 libraries internally point to?
* Can you please share any links/references which show which Jython version supports which exact Python version? Or do you suggest any views on how to check?

Please provide your suggestions for the above queries.

Thanks in Advance !!

Regards,
Aditya Raj
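The ambiguity the quoted _parse_octet comment refers to, shown as a worked example added here. This is not Jython's or CPython's code; the function names (parse_octet_strict, parse_ipv4_strict, leading_zero_octets, candidate_readings, is_canonical_ipv4) are my own, and the sample addresses are constructed. The strict parser applies the same rule as the quoted snippet (reject values above 255 and any octet longer than one digit that starts with '0'), and candidate_readings shows why that rule matters: a permissive decimal parser and an octal-style parser (as glibc's inet_aton is) disagree on what "010.0.0.1" means, which is the mismatch CVE-2021-29921 describes.

```python
import re

# Added example (not Jython's or CPython's code): a strict dotted-quad parser
# mirroring the rule in the quoted _parse_octet, plus helpers that show the
# leading-zero ambiguity the snippet's comment talks about.

# ASCII digits only; str.isdigit() would also accept Unicode digit characters.
_OCTET_RE = re.compile(r'[0-9]{1,3}')


def parse_octet_strict(octet_str):
    """Parse one octet; reject anything outside 0-255 and any leading zero."""
    if not _OCTET_RE.fullmatch(octet_str):
        raise ValueError("octet must be 1-3 ASCII digits: %r" % (octet_str,))
    octet_int = int(octet_str, 10)
    # Same rule as the quoted snippet: no clear standard says whether "010"
    # means decimal 10 or octal 8, so refuse to guess.
    if octet_int > 255 or (octet_str[0] == '0' and len(octet_str) > 1):
        raise ValueError("ambiguous or out-of-range octet: %r" % (octet_str,))
    return octet_int


def parse_ipv4_strict(address):
    """Return the four octets of a canonical dotted-quad string, or raise ValueError."""
    parts = address.split('.')
    if len(parts) != 4:
        raise ValueError("expected 4 dotted octets: %r" % (address,))
    return tuple(parse_octet_strict(p) for p in parts)


def leading_zero_octets(address):
    """List the octets a strict parser would reject purely for a leading zero."""
    return [p for p in address.split('.')
            if len(p) > 1 and p[0] == '0' and p.isdigit()]


def _octal_or_none(p):
    # "08" and "09" are not valid octal; report None rather than guessing.
    try:
        return int(p, 8)
    except ValueError:
        return None


def candidate_readings(address):
    """The two values a permissive parser might assign to a leading-zero address:
    'decimal' (what the CVE-affected ipaddress did) and 'octal' (what glibc inet_aton does)."""
    parts = address.split('.')
    decimal = tuple(int(p, 10) for p in parts)
    octal = tuple(_octal_or_none(p) if len(p) > 1 and p[0] == '0' else int(p, 10)
                  for p in parts)
    return {'decimal': decimal, 'octal': octal}


def is_canonical_ipv4(address):
    """Validation gate for addresses that will later be handed to a resolver or
    socket API: True only when every reasonable parser agrees on the value."""
    try:
        parse_ipv4_strict(address)
    except ValueError:
        return False
    return True


if __name__ == '__main__':
    # Constructed sample inputs, not taken from any real system.
    for addr in ('192.168.1.1', '010.0.0.1', '08.1.1.1', '256.1.1.1', '1.2.3'):
        print(addr, is_canonical_ipv4(addr), leading_zero_octets(addr))
    print(candidate_readings('010.0.0.1'))
```

Run it as a script to see which constructed inputs pass the gate; the one-line octal/decimal comparison for "010.0.0.1" is the whole point of the snippet's "no clear standard" comment. A validator that rejects leading zeros, as the quoted _parse_octet does, removes the disagreement instead of picking a side.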