Red Hat Bugzilla – Bug 446007
Python Needs an Update
Last modified: 2009-05-14 23:29:01 EDT
Description of problem:
My exact use case is trying to push zope 2.10.6 out to epel5. However, we need
python 2.4.4+. (Yes, I could patch the makefile and likely everything will work)
There are security issues with 2.4.3. Please update to at least 2.4.4 (2.4.5
would be nice.)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install python
2. Try building zope 2.10.6 (and 2.10.5.. unless patched)
Zope can build without being patched to ignore the python warnings.
Just because my usecase is for zope, this does not mean that the security issues
should not be addressed.
http://www.python.org/download/releases/2.4.4/NEWS.txt has all the stuff that
has been fixed.
bash$ rpm -q --changelog python | grep -i cve
- Fix CVE-2007-4965 int-overflow for some image operations
- Fixed bug #208166 / CVE-2006-4980: repr unicode buffer overflow
Security issues are addressed in the Red Hat version by backporting the fixes.
Zope can be easily compiled using the appropriate configure option:
running "make test" results in the following:
Total: 6518 tests, 0 failures, 0 errors in 2 minutes 49.169 seconds.