vulnerability in libuv v1.46.0

[javaccar]

• uvloop version: 0.19.0
• Python version: 3.11
• Platform: linux
• Can you reproduce the bug with PYTHONASYNCIODEBUG in env?: n/a
• Does uvloop behave differently from vanilla asyncio? How?: n/a

uvloop uses libuv v1.46.0, which has a security vulnerability https://nvd.nist.gov/vuln/detail/CVE-2024-24806
the vulnerability was fixed in libuv v1.48.0 but uvloop is still using v1.46.0.

[fantix]

#600 would fix this

[javaccar]

Thanks @fantix ! Appreciate the quick response. I see #600 was just merged. Plans to cut a release and publish to pypi?

[fantix]

No problem! Yes, I'll cut it tomorrow.