| |||||||||||||||||||
|
| |||||||||||||||||||
Fedora alert FEDORA-2010-13388 (python3)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-13388 2010-08-23 21:40:14 -------------------------------------------------------------------------------- Name : python3 Product : Fedora 13 Version : 3.1.2 Release : 7.fc13 URL : http://www.python.org/ Summary : Version 3 of the Python programming language aka Python 3000 Description : Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. -------------------------------------------------------------------------------- Update Information: - Backport from F14: - Fix for lone surrogates, utf8 and certain encode error handlers. - Fix an incompatibility between pyexpat and the system expat-2.0.1 that led to a segfault running test_pyexpat.py (patch 110; upstream issue 9054; rhbz#610312) -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 22 2010 Toshio Kuratomi <toshio@fedoraproject.org> - 3.1.2-7 - Backport from F14: - Fix for lone surrogates, utf8 and certain encode error handlers. - Fix an incompatibility between pyexpat and the system expat-2.0.1 that led to a segfault running test_pyexpat.py (patch 110; upstream issue 9054; rhbz#610312) * Fri Jun 4 2010 David Malcolm <dmalcolm@redhat.com> - 3.1.2-6 - ensure that the compiler is invoked with "-fwrapv" (rhbz#594819) - reformat whitespace in audioop.c (patch 106) - CVE-2010-1634: fix various integer overflow checks in the audioop module (patch 107) - CVE-2010-2089: further checks within the audioop module (patch 108) - CVE-2008-5983: the new PySys_SetArgvEx entry point from r81399 (patch 109) * Tue Apr 13 2010 David Malcolm <dmalcolm@redhat.com> - 3.1.2-5 - exclude test_http_cookies when running selftests, due to hang seen on http://koji.fedoraproject.org/koji/taskinfo?taskID=2088463 (cancelled after 11 hours) - update python-gdb.py from v5 to py3k version submitted upstream * Wed Mar 31 2010 David Malcolm <dmalcolm@redhat.com> - 3.1.2-4 - update python-gdb.py from v4 to v5 (improving performance and stability, adding commands) * Thu Mar 25 2010 David Malcolm <dmalcolm@redhat.com> - 3.1.2-3 - update python-gdb.py from v3 to v4 (fixing infinite recursion on reference cycles and tracebacks on bytes 0x80-0xff in strings, adding handlers for sets and exceptions) * Wed Mar 24 2010 David Malcolm <dmalcolm@redhat.com> - 3.1.2-2 - refresh gdb hooks to v3 (reworking how they are packaged) * Sun Mar 21 2010 David Malcolm <dmalcolm@redhat.com> - 3.1.2-1 - update to 3.1.2: http://www.python.org/download/releases/3.1.2/ - drop upstreamed patch 2 (.pyc permissions handling) - drop upstream patch 5 (fix for the test_tk and test_ttk_* selftests) - drop upstreamed patch 200 (path-fixing script) * Sat Mar 20 2010 David Malcolm <dmalcolm@redhat.com> - 3.1.1-28 - fix typo in libpython.stp (rhbz:575336) * Fri Mar 12 2010 David Malcolm <dmalcolm@redhat.com> - 3.1.1-27 - add pyfuntop.stp example (source 7) - convert usage of $$RPM_BUILD_ROOT to %{buildroot} throughout, for consistency with python.spec -------------------------------------------------------------------------------- References: [ 1 ] Bug #590690 - CVE-2010-1634 python: audioop: incorrect integer overflow checks https://bugzilla.redhat.com/show_bug.cgi?id=590690 [ 2 ] Bug #598197 - CVE-2010-2089 Python: Memory corruption in audioop module https://bugzilla.redhat.com/show_bug.cgi?id=598197 [ 3 ] Bug #482814 - CVE-2008-5983 python: untrusted python modules search path https://bugzilla.redhat.com/show_bug.cgi?id=482814 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update python3' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-... (Log in to post comments)
|
|
||||||||||||||||||