Fixing a python issue with a patch is given as source code instead of dll

jaisonshereen · April 22, 2021, 5:17pm

I am not sure how to fix this, please advice

I have a python security issue which python released a patch for this. Patch is not released as another new version of dll instead it is released as source only files

Issue : CVE-2020-15523 is an invalid search path in Python

Solution is to update a patch which is a github link

Patch: https://github.com/python/cpython/pull/21297

But since I was using a python.dll how should I used this source instead of dll?

Complete issue description Mailman 3 [CVE-2020-15523] Python uses invalid DLL path after calling Py_SetPath on Windows - Security-announce - python.org

jeanas · April 22, 2021, 6:03pm

If you are using Python 3.9 or 3.8, just download newer releases from the website, which contain the fix.

If, as I understand it, you require an older version of Python: the patch was backported to 3.7 and 3.6 for source-only releases, which means that you should compile Python yourself if you want to use them. Follow the instructions in the developer’s guide:

https://devguide.python.org/setup/#windows

You should build after checking out the appropriate branch, for example:

git checkout 3.7

jaisonshereen · April 23, 2021, 4:44am

You mean i need to checkout the appropriate version from git, in my case it is 3.8.4 and build the source using SDK, then I need to replace the python.dll which I got after building the code in my application?

Is it python.dll or python3x.dll??

Which folder I need to look for this dll after the build? is it bin?

zware · April 23, 2021, 3:48pm

If you’re already running v3.8.4 or later, you’re already patched

If you’re on a 3.8 version prior to v3.8.4, you’ll want to update to the latest v3.8.9 the same way you initially installed your current 3.8.