Candidate: CVE-2020-8315
PublicDate: 2020-01-28 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8315
 https://bugs.python.org/issue39401
Description:
 In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through
 3.8.1, an insecure dependency load upon launch on Windows 7 may result in
 an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used
 instead of the system's copy. Windows 8 and later are unaffected.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N [5.5 MEDIUM]


Patches_python3.8:
upstream_python3.8: not-affected (debian: Windows-specific)
precise/esm_python3.8: DNE
trusty_python3.8: ignored (out of standard support)
trusty/esm_python3.8: DNE
xenial_python3.8: DNE
bionic_python3.8: not-affected (windows specific)
eoan_python3.8: not-affected (windows specific)
devel_python3.8: not-affected (windows specific)

Patches_python3.7:
upstream_python3.7: not-affected (debian: Windows-specific)
precise/esm_python3.7: DNE
trusty_python3.7: ignored (out of standard support)
trusty/esm_python3.7: DNE
xenial_python3.7: DNE
bionic_python3.7: not-affected (windows specific)
eoan_python3.7: not-affected (windows specific)
devel_python3.7: not-affected (windows specific)