Bug 1483689
Summary: | CVE-2017-12852 python3-numpy: numpy: Missing input validation on empty list or ndarray in numpy.pad function [epel-all] | | |
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Pedro Sampaio <psampaio> |
Component: | python3-numpy | Assignee: | Petr Viktorin (pviktori) <pviktori> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | epel7 | CC: | ishcherb, orion, psampaio, pviktori, TicoTimo |
Target Milestone: | --- | Keywords: | Reopened, Security, SecurityTracking |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | python3-numpy-1.10.4-6.el6 python3-numpy-1.10.4-5.el7 | Doc Type: | Release Note |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2017-10-04 21:47:37 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 1483686 | | |

Description
Pedro Sampaio
2017-08-21 18:09:48 UTC
Use the following template for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable.

```
=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1483686

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======
```

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new

I can backport the change from upstream or Fedora when it comes out. Orion (or anyone), if you'd like to do it sooner, please re-take the issue. Thanks!

Current status: A fix was merged upstream, but it wasn't entirely correct. Waiting for the next version.

Current status: The correct fix was already merged upstream. However, the bug is open against epel7 component, although, according to this commit [0], the package is retired there as it is now in rhel7. So where should it be back-ported to?

[0] https://src.fedoraproject.org/rpms/numpy/c/df335cac7328a46167597706d25263ef90aee0bc?branch=epel7

Ah, didn't check if numpy is in EPEL7. This is for RHEL to handle, then.

Ok, the package is retired in EPEL 7 then. Acknowledge. I guess there will be no more action from us except updating our tracking data. Thanks.

(In reply to Iryna Shcherbina from comment #5)
> However, the bug is open against epel7 component, although, according to
> this commit [0], the package is retired there as it is now in rhel7. So
> where should it be back-ported to?

This bug is against EPEL-7 product, and python3-numpy component, not numpy component. The numpy component is not in EPEL-7 because the same component is in RHEL-7 too, but there is the separate python3-numpy, apparently for use with python34 that is only in EPEL-7. python3-numpy is not retired, afaics.

http://pkgs.fedoraproject.org/cgit/rpms/python3-numpy.git/log/?h=epel7

(In reply to Tomas Hoger from comment #8)
> This bug is against EPEL-7 product, and python3-numpy component, not numpy
> component.

Thanks for clarifying it for me.

The patch is available in the following PR: https://src.fedoraproject.org/rpms/python3-numpy/pull-request/1

python3-numpy-1.10.4-6.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e50abdd3d5

python3-numpy-1.10.4-5.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2795d59fcc

python3-numpy-1.10.4-6.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e50abdd3d5

python3-numpy-1.10.4-5.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2795d59fcc

python3-numpy-1.10.4-6.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

python3-numpy-1.10.4-5.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.