Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 782520

Summary: <dev-python/pypy3-7.3.3_p37_p3, <dev-python/pypy-7.3.3_p3: multiple vulnerabilities
Product: Gentoo Security Reporter: Michał Górny <mgorny>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=779841
Whiteboard: B4 [glsa+]
Package list:
dev-python/pypy3-7.3.3_p37_p3 dev-python/pypy3-exe-7.3.3_p37_p2 dev-python/pypy3-exe-bin-7.3.3_p37_p2 dev-python/pypy-7.3.3_p3
Runtime testing required: ---

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-04-12 13:51:32 UTC
Same stuff as CPython:

- bpo-42988: Remove the pydoc getfile feature
- bpo-43285 Make ftplib not trust the PASV response.
Comment 1 NATTkA bot gentoo-dev 2021-04-12 13:52:23 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-04-12 13:56:23 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-04-16 13:45:44 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-04-16 13:48:38 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-04-16 13:53:13 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-04-16 13:56:38 UTC Comment hidden (obsolete)
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-04-19 21:24:26 UTC Comment hidden (obsolete)
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-04-19 21:24:53 UTC Comment hidden (obsolete)
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-04-19 21:27:25 UTC
(In reply to Sam James from comment #8)
> amd64 done
> 
> all arches done

Ignore, sorry
Comment 10 Agostino Sarubbo gentoo-dev 2021-05-01 18:20:13 UTC
amd64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2021-05-11 10:03:36 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 12 NATTkA bot gentoo-dev 2021-05-19 20:24:28 UTC
Unable to check for sanity:

> no match for package: dev-python/pypy3-7.3.3_p37_p3
Comment 13 Larry the Git Cow gentoo-dev 2024-09-22 06:59:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0fab7436a742d3f4e2260e183a9d563267fb75b8

commit 0fab7436a742d3f4e2260e183a9d563267fb75b8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-09-22 06:59:11 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-09-22 06:59:21 +0000

    [ GLSA 202409-12 ] pypy, pypy3: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/741496
    Bug: https://bugs.gentoo.org/741560
    Bug: https://bugs.gentoo.org/774114
    Bug: https://bugs.gentoo.org/782520
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202409-12.xml | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)