[issue29169] update zlib to 1.2.10

Matthias Klose added the comment: ok, will wait with the commits until after the releases. -- ___ Python tracker ___ ___ Python-bugs-l

[issue29169] update zlib to 1.2.10

Raymond Hettinger added the comment: > I'm inclined to not cherry-pick this, which means it'd > ship in 3.5.4 and 3.4.7, probably in six months. I concur. Looking at the CVEs, these all seem minor and not exploitable through the Python interface. -- nosy: +rhettinger ___

[issue29169] update zlib to 1.2.10

Larry Hastings added the comment: I cut 3.4.6rc1 and 3.5.3rc1 a couple of days ago. Do you think the CVEs are bad enough to warrant cherry-picking this? A quick google suggests they were all low severity: http://www.openwall.com/lists/oss-security/2016/12/05/21 I'm inclined to not cherry-pi

[issue29169] update zlib to 1.2.10

Roundup Robot added the comment: New changeset ed172054a812 by doko in branch '2.7': - Issue #29169: Update zlib to 1.2.10. https://hg.python.org/cpython/rev/ed172054a812 -- nosy: +python-dev ___ Python tracker ___

[issue29169] update zlib to 1.2.10

New submission from Matthias Klose: These are the changes updating zlib from 1.2.8 to 1.2.10. It is only used when building without a system zlib. The new release includes fixes for security issues CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843. Intending to update all active bran