PyPi: Gvsbuild

CVE-2023-45853

Transitive

Safety vulnerability ID: 63111

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 14, 2023 Updated at Dec 09, 2024
Scan your Python projects for vulnerabilities →

Advisory

Gvsbuild 2023.12.0 includes a patch for the CVE 2023-45853 on its zlib dependency.
https://github.com/wingtk/gvsbuild/pull/1187/commits/6214fc55ecfbb234b691df66b95f511400fc919b

Affected package

gvsbuild

Latest version: 2024.12.0

GTK stack for Windows

Affected versions

Fixed versions

Vulnerability changelog

Changes

- zlib: add patch for CVE 2023-45853 nacho (1187)
- build(deps): bump github/codeql-action from 3.22.11 to 3.22.12 (1186)
- build(deps): bump actions/download-artifact from 4.0.0 to 4.1.0 (1182)
- build(deps): bump actions/download-artifact from 3.0.2 to 4.0.0 (1177)
- build(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (1178)
- Update libadwaita to version 1.4.2 danyeaw (1180)
- build(deps): bump lastversion from 3.4.3 to 3.4.5 (1181)
- Update CMake, libxml2, and librsvg danyeaw (1179)
- build(deps): bump github/codeql-action from 2.22.10 to 3.22.11 (1176)
- Revert "Update protobuf-c to version 1.5.0" AlessandroBono (1173)
- build(deps): bump github/codeql-action from 2.22.9 to 2.22.10 (1172)
- OpenSSL: Build FIPS provider AlessandroBono (1162)
- build(deps): bump lastversion from 3.4.2 to 3.4.3 (1171)
- build(deps): bump lastversion from 3.4.1 to 3.4.2 (1170)
- Weekly Dependency Update 2023-12-09 danyeaw (1160)
- build(deps): bump github/codeql-action from 2.22.8 to 2.22.9 (1169)
- build(deps): bump lastversion from 3.4.0 to 3.4.1 (1168)
- gst-plugins-bad: Fix patch AlessandroBono (1167)
- build(deps): bump actions/setup-python from 4.8.0 to 5.0.0 (1166)
- ffmpeg: Generate and install pdb files when in debug or debug-optimized configuration AlessandroBono (1165)
- gst-plugins-bad: Apply upstream patch AlessandroBono (1164)
- build(deps): bump actions/setup-python from 4.7.1 to 4.8.0 (1163)
- gst-plugins-good: add audio-level-meta to cutter ignazp (1159)
- build(deps): bump lastversion from 3.3.2 to 3.4.0 (1161)
- build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11 (1156)
- build(deps): bump actions/dependency-review-action from 3.1.3 to 3.1.4 (1157)
- openssl: Don't generate documentation AlessandroBono (1155)
- build(deps-dev): bump tox from 4.11.3 to 4.11.4 (1154)
- Update SQLite, libxml2, and OpenSSL danyeaw (1153)
- build(deps): bump github/codeql-action from 2.22.7 to 2.22.8 (1152)
- Update SQLite and pkgconf danyeaw (1151)
- Update Meson to version 1.3.0 danyeaw (1150)
- Add docs to use with Visual Studio (and link to gtk4-rs book for Rust) mitchhentges (1149)
- Update GTK to version 4.12.4 danyeaw (1147)
- openssl: Minor changes AlessandroBono (1148)
- openssl: fixups in the pc files nacho (1146)
- build(deps): bump github/codeql-action from 2.22.6 to 2.22.7 (1145)
- build(deps): bump step-security/harden-runner from 2.6.0 to 2.6.1 (1144)
- GStreamer, libxml2, cargo, CMake, and libfido2 updates danyeaw (1143)
- fido2: build shared libraries nacho (1141)
- openssl: Update pkg-conf files AlessandroBono (1142)
- build(deps): bump github/codeql-action from 2.22.5 to 2.22.6 (1140)
- Update pre-commit hooks danyeaw (1139)
- build(deps): bump actions/dependency-review-action from 3.1.2 to 3.1.3 (1137)
- FFmpeg 6.1 and Harfbuzz 8.3.0 danyeaw (1136)
- Remove extra bin in prefix for pkgconfig files danyeaw (1134)
- Explicitly add `msys2` as path dependency of `libadwaita` mitchhentges (1135)

Thanks again to AlessandroBono, danyeaw, ignazp, mitchhentges, and nacho! 🎉

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH