Mail Archives: cygwin/2024/04/23/14:51:37

Brian Inglis via Cygwin <cygwin AT cygwin DOT com> · Tue, 23 Apr 2024 12:51:04 -0600

On 2024-04-21 18:25, Zhike Wang via Cygwin wrote:
> Any update/advice for this topic? Or should I raise a ticket to other Cygwin Mailing Lists?

There are no tickets and no other lists - this is the list for Cygwin issues.

> On April 18, 2024 20:29, Zhike Wang wrote:
>> At  the moment, I use python 3.9.16 under Cygwin environment while my 
>> company IT alert me there is a severity risk for python 3.9.16 which need 
>> be upgraded to Python version 3.11.5 or newer asap.
>> I have tried to use Cygwin setup(setup-x86_64) to update the python version
>> but it looks Cygwin only support python up to version 3.9.18 at the
>> moment.
>> So I would like to check with experts when the Cygwin can support Python
>> 3.11.5 or newer version?
>> Thank you very much.

It appears that this is not how python is maintained, as all python modules and 
packages have to be rebuilt for each major version, so fixes are applied to each 
supported major version e.g 3.9!

The web page below is more useful as it shows the current latest python release 
with all known core vulnerabilities fixed for each major version:

	https://maikuolan.github.io/Vulnerability-Charts/python.html

for a few other packages see:

	https://maikuolan.github.io/Vulnerability-Charts/
	https://github.com/Maikuolan/Vulnerability-Charts

so 3.{8,9}.19+ should fix all currently known security issues with 3.{8,9}; 
other releases are required for newer versions.

And 3.11.5 has issues, 3.11.9 is fixed: let your co IT know this!

Please note also that some vulnerabilities are specific to only certain 
platforms and capabilities e.g. Linux:

	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919
	https://nvd.nist.gov/vuln/detail/CVE-2022-42919	

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien Ă  ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien Ă  retirer     but when there is no more to cut
                                 -- Antoine de Saint-ExupĂŠry

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 40906384AB68
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1713898295;
	bh=Xpr1LwMYcLy9eFkKMDL+IEvbDGYKc1rSCtMtpGrC2vA=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	From;
	b=kwixuu0sGXqBYTX9KvI0wHoRKYKgUoagHvYOcKzFLpLIVu2x1YHNaHxx6ERRJjmfV
	eRaLxNZsZiZOVXQGBBW6ya63gdC7aoLLFoO1JJl3ZFb6Rzkw9Jp3Yf7r9H1cz1T8t9
	pATkiDqnJw4sR1dudsus0cA0vjDRuDvTr4/Qx+kg=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org 7BDBD384AB7E
ARC-Filter:	OpenARC Filter v1.0.0 sourceware.org 7BDBD384AB7E
ARC-Seal:	i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713898271; cv=none;
	b=jrm2umAbVCN/j6u/FE3y0kqAp/MKVGMrgRh8sSwFFle2/RGtZj94s+Vq/Y4VT5dVHAduUB2zQp1fs+8mSycQ0xqlSb06CMwhqr0JsU9bs1FqxEaGod05XXRZGMsVGqFDaeo7RYwHs2JVa2bjgEwHEUk+YWm4WN4vcx9I08f7cl8=
ARC-Message-Signature:	i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1713898271; c=relaxed/simple;
	bh=xD6+UjbBEoXnX7Cp8dHuejAGWe8IwZU0Ii0X5O6fps8=;
	h=Message-ID:Date:MIME-Version:Subject:To:From;
	b=QG1rSuP/Navg34StQ9wrTPBOTfoCzNFQKV6eDqpQMYxUaF4oOBjD7/SAxdLmsFdjB+irmMUyEN+gqA/nVDx4MqUMCEByCoVD2Zd4r7SxLgBom7+7RcijExAje1iaw+/EAd2kL7RXBY1vo0rq1/8abmEIRoTgkbNk4bsdd0XR6pg=
ARC-Authentication-Results:	i=1; server2.sourceware.org
Message-ID:	<6b09ddd1-070f-4bab-87d8-0c8f733b6da3@SystematicSW.ab.ca>
Date:	Tue, 23 Apr 2024 12:51:04 -0600
MIME-Version:	1.0
User-Agent:	Mozilla Thunderbird
Subject:	Re: [Question] When the cygwin support Python version 3.11.5 or newer?
To:	cygwin AT cygwin DOT com
References:	<AM6PR07MB5685B689E6A8B92CDB3C27F7AA0E2 AT AM6PR07MB5685 DOT eurprd07 DOT prod DOT outlook DOT com>
	<AM6PR07MB5685A0B746622F7D412904C5AA122 AT AM6PR07MB5685 DOT eurprd07 DOT prod DOT outlook DOT com>
Organization:	Systematic Software
In-Reply-To:	<AM6PR07MB5685A0B746622F7D412904C5AA122@AM6PR07MB5685.eurprd07.prod.outlook.com>
X-Rspamd-Queue-Id:	74C5520028
X-Spam-Status:	No, score=-2.0 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
	RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,
	SPF_PASS, TXREP, UNPARSEABLE_RELAY,
	URIBL_SBL_A autolearn=no autolearn_force=no version=3.4.6
X-Stat-Signature:	ags54d65zceg57qbf38363yqedu9dw9s
X-Rspamd-Server:	rspamout05
X-Session-Marker:	427269616E2E496E676C69734053797374656D6174696353572E61622E6361
X-Session-ID:	U2FsdGVkX1/kBOmF68HO3pDdtpyD+s9+xvt+EI9HROU=
X-HE-Tag:	1713898265-209104
X-HE-Meta:	U2FsdGVkX19/maqSoXZQSkArcoaJvZI2A7c6Xxc433MNQrX9pBdDMM/6CndqkoyQ7K3BZZOJZdD3r3Bxg7AYXsDELFJJU0Swi6OcwJkoT9pr8RDdokkN7inhX58smXoIoSEesIDDYuj5c5vhDynFvfDl+QTL6DrJzU0JOl/ngTnSkrQfHt71kkaEr3WFu3HHW/aa2mGQHbLP1f+6h6C1CNTYVyeLUftXq3jtgXd86bWNPLlblbwROxatsr1V8DAj//SgZVKheGPYcnCVVjiqzK1JNVrTkFT6jQ/TVyMBhoRddvLymvmSqpTFNHmpyoBs9YpTIPtO0c1ukJT85wc6AVG++Sn6WzUn6VZbmKdOtEESyfEFc6wg6i6IcFrWy1z9rdyuTcftvhdyLSjpcvuvUyZd6RIH0VCqD6JT6LVP3GbgvnwwtkiIlSNjwq4AW0TS/NLlNb7cf2cvoYgOYqed1Swn71mdht1uCwKkomh5WSviWQfjJzdTLHZxTGadc9Jd+Xf/XrI2zFKaDycXoFnVWEiKqflkGCsX8tzi4nHy8aTfzO9emjKl6gXJT4P6bHSn
X-Spam-Checker-Version:	SpamAssassin 3.4.6 (2021-04-09) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.30
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Brian Inglis via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	cygwin AT cygwin DOT com
Cc:	Brian Inglis <Brian DOT Inglis AT SystematicSW DOT ab DOT ca>
Errors-To:	cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 43NIpbE91123210

webmaster	delorie software privacy
Copyright Š 2019 by DJ Delorie	Updated Jul 2019