Could you help upgrade the vulnerble shared library introduced by package zelos? 

Hi, @kvalakuzhyzp , @rcourt , I'd like to report a vulnerability issue in **zelos_0.2.0**.
### Issue Description
**zelos_0.2.0** directly or transitively depends on ***111*** C libraries (.so). However, I noticed that some C libraries are vulnerable, containing the following CVEs:
`ld-linux-armhf.so.3` `libc.so.6`   `ld-linux-x86-64.so.2`   `ld-2.27.so`   `ld-linux.so.2`   `libanl-2.27.so`   `libanl.so.1`   `libBrokenLocale-2.27.so`   `libBrokenLocale.so.1`   `libc-2.27.so` `libcidn-2.27.so`  `libcidn.so.1`   `libcrypt-2.27.so`   `libcrypt.so.1`   `libdl-2.27.so`   `libdl.so.2`   `libm-2.27.so` `libm.so.6`   `libmemusage.so`   `libnsl-2.27.so`   `libnsl.so.1`   `libnss_compat-2.27.so`   `libnss_compat.so.2`   `libnss_dns-2.27.so`   `libnss_dns.so.2`   `libnss_files-2.27.so`   `libnss_files.so.2`   `libnss_hesiod-2.27.so`   `libnss_hesiod.so.2`   `libnss_nis-2.27.so`   `libnss_nis.so.2`   `libnss_nisplus-2.27.so`   `libnss_nisplus.so.2`   `libpcprofile.so`   `libpthread-2.27.so`   `libpthread.so.0`   `libresolv-2.27.so`   `libresolv.so.2`   `librt-2.27.so`   `librt.so.1`   `libSegFault.so`   `libthread_db-1.0.so`   `libthread_db.so.1`   `libutil-2.27.so`   `libutil.so.1`   from C project **glibc(version:2.27)** exposed ***22*** vulnerabilities:
[CVE-2015-8985](https://nvd.nist.gov/vuln/detail/CVE-2015-8985), [CVE-2019-7309](https://nvd.nist.gov/vuln/detail/CVE-2019-7309), [CVE-2020-1751](https://nvd.nist.gov/vuln/detail/CVE-2020-1751), [CVE-2020-10029](https://nvd.nist.gov/vuln/detail/CVE-2020-10029), [CVE-2019-9169](https://nvd.nist.gov/vuln/detail/CVE-2019-9169), [CVE-2019-6488](https://nvd.nist.gov/vuln/detail/CVE-2019-6488), [CVE-2020-6096](https://nvd.nist.gov/vuln/detail/CVE-2020-6096), [CVE-2020-1752](https://nvd.nist.gov/vuln/detail/CVE-2020-1752), [CVE-2020-27618](https://nvd.nist.gov/vuln/detail/CVE-2020-27618), [CVE-2021-3326](https://nvd.nist.gov/vuln/detail/CVE-2021-3326), [CVE-2021-33574](https://nvd.nist.gov/vuln/detail/CVE-2021-33574), [CVE-2019-25013](https://nvd.nist.gov/vuln/detail/CVE-2019-25013), [CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604), [CVE-2021-35942](https://nvd.nist.gov/vuln/detail/CVE-2021-35942), [CVE-2019-19126](https://nvd.nist.gov/vuln/detail/CVE-2019-19126), [CVE-2019-9192](https://nvd.nist.gov/vuln/detail/CVE-2019-9192), [CVE-2018-20796](https://nvd.nist.gov/vuln/detail/CVE-2018-20796), [CVE-2009-5155](https://nvd.nist.gov/vuln/detail/CVE-2009-5155), [CVE-2016-10739](https://nvd.nist.gov/vuln/detail/CVE-2016-10739), [CVE-2018-11237](https://nvd.nist.gov/vuln/detail/CVE-2018-11237), [CVE-2017-18269](https://nvd.nist.gov/vuln/detail/CVE-2017-18269), [CVE-2018-11236](https://nvd.nist.gov/vuln/detail/CVE-2018-11236),

### Suggested Vulnerability Patch Versions
***glibc*** has fixed the vulnerabilities in versions ***>=2.35***

Python build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Python projects. Could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~
Best regards,
Joe Gardner

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Could you help upgrade the vulnerble shared library introduced by package zelos? #140

Issue Description

Suggested Vulnerability Patch Versions

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Could you help upgrade the vulnerble shared library introduced by package zelos? #140

Description

Issue Description

Suggested Vulnerability Patch Versions

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions