Bugzilla – Full Text Bug Listing

| Summary: | Python3 issues with distributed version 3.4.1 | | |
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Hans-Peter Jansen <hpj> |
| Component: | Other | Assignee: | Jan Matejek <jmatejek> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | | |
| Priority: | P5 - None | CC: | astieger, jmatejek |
| Version: | Leap 42.1 | | |
| Target Milestone: | --- | | |
| Hardware: | x86-64 | | |
| OS: | openSUSE 42.1 | | |
| Whiteboard: | | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | Prioritize lowercase proxy variables in urllib.request | | |

Description
Hans-Peter Jansen
2016-06-07 19:36:30 UTC
Hello, thank you for opening the issue and pinging me this way :) I have now finished reviewing the modifications you made to the CGIHTTPServer patch, because they looked wrong. I have discovered that even though the patch applies, the CVE issue in question was in fact already fixed in 3.4.4, albeit in a different way. Reapplying the old patch caused a different test to fail, and combined with a bug in the unittest module, this produced a spurious-looking failure. The correct thing to do is to drop the CGIHTTPServer patch completely. Please do that, and then feel free to submit a maintenance request to Leap and 13.2, I will accept the reviews.

Let's wait for Python 3.4.5 release for this. It is scheduled for June 26.

Created attachment 680889: Prioritize lowercase proxy variables in urllib.request

Fine with me. Meanwhile, would you kindly review the patch at https://hg.python.org/cpython/rev/49b975122022/ fixing http://bugs.python.org/issue26804 please? Will attach it here, too. Since it is not security related, it is not supposed for 3.4.5, but it is nagging me significantly, therefore I fixed it. It will appear in the next 3.5 and 2.7 series.

Python 3.4.5 is out, so feel free to continue with the process. You can include your patch in the maintenance update for 13.2 and Leap 42.1. It probably won't get into SLE, but you don't need to care about that :)

With your last submission, there were some broken changelogs. I recommend checking out clean versions of the packages from 13.2 and Leap, copying them over, and ensuring that all your entries are only added on top of the changelog.

openSUSE-SU-2016:2120-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 935856,951166,983582,984751,985177,985348,989523
CVE References: CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699
Sources used:
openSUSE Leap 42.1 (src): python3-3.4.5-8.1, python3-base-3.4.5-8.1, python3-doc-3.4.5-8.1
openSUSE 13.2 (src): python3-3.4.5-4.4.1, python3-base-3.4.5-4.4.1, python3-doc-3.4.5-4.4.1

Anything left to do here?

No, thanks for the note. It was a pleasure to work with you all on this.

SUSE-SU-2016:2653-1: An update that solves four vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 951166,983582,984751,985177,985348,989523,991069
CVE References: CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): python3-base-3.4.5-17.1
SUSE Linux Enterprise Server 12-SP1 (src): python3-3.4.5-17.1, python3-base-3.4.5-17.1
SUSE Linux Enterprise Module for Web Scripting 12 (src): python3-3.4.5-17.1, python3-base-3.4.5-17.1
SUSE Linux Enterprise Desktop 12-SP1 (src): python3-3.4.5-17.1, python3-base-3.4.5-17.1

SUSE-SU-2016:2859-1: An update that solves four vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 951166,983582,984751,985177,985348,989523,991069
CVE References: CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): python3-base-3.4.5-19.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): python3-3.4.5-19.1, python3-base-3.4.5-19.1
SUSE Linux Enterprise Server 12-SP2 (src): python3-3.4.5-19.1, python3-base-3.4.5-19.1
SUSE Linux Enterprise Desktop 12-SP2 (src): python3-3.4.5-19.1, python3-base-3.4.5-19.1

SUSE-SU-2020:0114-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.
Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Development Tools 15 (src): python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15 (src): python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2020:0086-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.
Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
openSUSE Leap 15.1 (src): python3-3.6.10-lp151.6.7.1, python3-base-3.6.10-lp151.6.7.1

SUSE-SU-2020:0302-1: An update that solves 10 vulnerabilities and has 11 fixes is now available.
Category: security (important)
Bug References: 1027282,1029377,1081750,1083507,1086001,1088009,1094814,1109663,1137942,1138459,1141853,1149121,1149429,1149792,1149955,1151490,1159035,1159622,709442,951166,983582
CVE References: CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): python36-3.6.10-4.3.5, python36-base-3.6.10-4.3.5
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

This is an autogenerated message for OBS integration: This bug (983582) was mentioned in https://build.opensuse.org/request/show/851367 Factory / python36

This is an autogenerated message for OBS integration: This bug (983582) was mentioned in https://build.opensuse.org/request/show/852415 Factory / python36

This is an autogenerated message for OBS integration: This bug (983582) was mentioned in https://build.opensuse.org/request/show/853277 Factory / python36

This is an autogenerated message for OBS integration: This bug (983582) was mentioned in https://build.opensuse.org/request/show/853314 Factory / python36

This is an autogenerated message for OBS integration: This bug (983582) was mentioned in https://build.opensuse.org/request/show/856737 Factory / python36

This is an autogenerated message for OBS integration: This bug (983582) was mentioned in https://build.opensuse.org/request/show/923499 Factory / python36

This is an autogenerated message for OBS integration: This bug (983582) was mentioned in https://build.opensuse.org/request/show/926876 Factory / python36