Hi @pombr, @JonoYang, I'd like to report a vulnerability issue in extractcode-libarchive_3.5.1.210531.
Dependency Graph between Python and Shared Libraries
Issue Description
As shown in the above dependency graph (which only shows the vulnerable dependency), extractcode-libarchive_3.5.1.210531 directly depends on 8 C libraries (.so). However, I noticed that one C library is vulnerable, containing the following CVEs:
libarchive.so from C project libarchive (version: 3.4.3) exposes 1 vulnerability:
CVE-2021-36976
Suggested Vulnerability Patch Versions
libarchive has fixed the vulnerabilities in versions >=3.5.3.
Python build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Python projects.
As a popular Python package (extractcode-libarchive has 8,456 downloads per month), could you please upgrade the above shared libraries to their patch versions?
Thanks for your help~ Best regards, Andy
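A check a maintainer or downstream user can run to confirm the report, added here as an example that is not part of the issue or of the extractcode-libarchive project: it lists the shared libraries bundled inside the installed package, loads each candidate with ctypes, and asks libarchive for its own version through its archive_version_number() API, then compares that against the 3.5.3 fix version given above. The importable module name extractcode_libarchive is an assumption.

```python
"""Audit a wheel's bundled libarchive.so against the fix version named in the report.
Added example, not project code; the module name extractcode_libarchive is assumed."""
import ctypes
import importlib.util
from pathlib import Path
from typing import Iterator, List, Optional, Tuple

# First libarchive release the report says fixes CVE-2021-36976.
FIXED_VERSION = (3, 5, 3)


def version_from_number(num: int) -> Tuple[int, int, int]:
    """Decode libarchive's ARCHIVE_VERSION_NUMBER encoding (3.4.3 -> 3004003)."""
    return (num // 1000000, (num // 1000) % 1000, num % 1000)


def is_patched(version: Tuple[int, int, int]) -> bool:
    """True if the bundled libarchive is at or above the patched release."""
    return tuple(version) >= FIXED_VERSION


def bundled_shared_libraries(package_dir) -> Iterator[Path]:
    """Yield every .so shipped inside the package directory (auditwheel places them in *.libs/)."""
    root = Path(package_dir)
    if not root.is_dir():
        return
    for path in sorted(root.rglob("*.so*")):
        if path.is_file():
            yield path


def libarchive_version(so_path) -> Optional[Tuple[int, int, int]]:
    """Load a candidate .so and read its version; None if it cannot be loaded or is not libarchive."""
    try:
        lib = ctypes.CDLL(str(so_path))
        fn = lib.archive_version_number  # int archive_version_number(void)
    except (OSError, AttributeError):
        return None
    fn.restype = ctypes.c_int
    return version_from_number(fn())


def audit_package(package_name: str = "extractcode_libarchive") -> List[Tuple[str, Tuple[int, int, int], bool]]:
    """Return (path, version, patched) for each bundled libarchive found in the installed package."""
    spec = importlib.util.find_spec(package_name)
    if spec is None or not spec.submodule_search_locations:
        return []
    findings = []
    for location in spec.submodule_search_locations:
        for so in bundled_shared_libraries(location):
            ver = libarchive_version(so)
            if ver is not None:
                findings.append((str(so), ver, is_patched(ver)))
    return findings


if __name__ == "__main__":
    for path, ver, ok in audit_package():
        print(f"{path}: libarchive {'.'.join(map(str, ver))} {'OK' if ok else 'VULNERABLE'}")
```

With the 3.4.3 library from this report the script prints VULNERABLE; after the bundled library is rebuilt from libarchive 3.5.3 or later it prints OK.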