Bug 1708419
Summary: | Update Python 3 to 3.6.9 [rhscl-3.4.0] | |||
---|---|---|---|---|
Product: | Red Hat Software Collections | Reporter: | Charalampos Stratakis <cstratak> | |
Component: | python | Assignee: | Python Maintainers <python-maint> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | RHEL CS Apps Subsystem QE <rhel-cs-apps-subsystem-qe> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | rh-python36 | CC: | bgollahe, hhorak, tborcin, torsava | |
Target Milestone: | alpha | Keywords: | Rebase | |
Target Release: | 3.3 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | rh-python36-python-3.6.9-1.el6 rh-python36-python-3.6.9-1.el7 | Doc Type: | Rebase: Bug Fixes Only | |
Doc Text: |
The following packages have been upgraded to a later upstream version: rh-python36-python (3.6.9). (BZ#1709344)
Security Fix(es):
* python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)
* python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)
* python: Cookie domain check returns incorrect results (CVE-2018-20852)
* python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010)
* python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)
* python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)
* python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)
* python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)
* python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data (CVE-2018-20406)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* urlsplit doesn't accept a NFKD hostname with a port number (BZ#1709340)
* rh-python36 cannot unpickle datetime.date objects (BZ#1749103)
|
Story Points: | --- | |
Clone Of: | ||||
: | 1709344 | Environment: | ||
Last Closed: | 2019-12-19 16:50:34 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1563452, 1563488, 1636841, 1670066, 1709344, 1709350, 1709351, 1709355, 1709356 |
Description
Charalampos Stratakis
2019-05-09 20:28:43 UTC
Hey Charris, just FYI this bug already has an Errata created in advance: https://errata.devel.redhat.com/errata/details/42492 If it's not appropriate, let me know, we can close it.