Summary: | <dev-lang/python-{2.7.18_p11,3.6.13_p5,3.7.10_p6,3.8.10_p2,3.9.5_p2,3.10.0_beta2} <dev-python/pypy-7.3.4_p1 <dev-python/pypy3-{7.3.4_p2,7.3.5_rc3_p1}: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michał Górny <mgorny> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+] | ||
Package list: |
dev-lang/python-2.7.18_p11
dev-python/pypy-7.3.4_p1 amd64 x86
|
Runtime testing required: | --- |
Description
Michał Górny
2021-06-02 07:15:03 UTC
Applicable: 3.10.0b2: (none) 3.9.5_p1: 1 3 4 3.8.10_p1: 1 3 4 3.7.10_p4: 1 2* 3 4 [to be continued] * the 'bigger' regression in IPv4 addr parsing was added in 3.8 but I've backported making it even more strict now I'm working on patches for 3.7 now; also need to wait for 3.7 cleanup on my system to complete as leftover packages break CPython's test suite x_x. 3.6.13_p4: 1 2* 3+ 4 2.7.18_p10: 1+ 3+ pypy3 7.3.5_rc3: 1 2* 3+ 4 pypy 7.3.5_rc3: 1+ 3+ + I am not going to backport this patch as it's too much effort for little gain Let's skip the earlier revision where applicable and stabilize newest revisions for all versions. arm done arm64 done sparc stable hppa stable ppc done amd64 done x86 done ppc64 done all arches done Thank you! Please cleanup. Cleanups pushed. So I've eventually backported it to Python 2.7, and I'm testing it now. Once done, should I reuse this bug to stabilize Python 2.7 and PyPy, or file another one? Sam said to reuse! Resetting sanity check; keywords are not fully specified and arches are not CC-ed. sparc done arm64 done arm done ppc done ppc64 done hppa stable stabilized Unable to check for sanity:
> no match for package: dev-python/pypy-7.3.4_p1
Unable to check for sanity:
> no match for package: dev-lang/python-2.7.18_p11
GLSA requested The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=721dfacf17914fe5f7bfa3d0b401379d6318f7b1 commit 721dfacf17914fe5f7bfa3d0b401379d6318f7b1 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-03 09:12:43 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-03 09:31:45 +0000 [ GLSA 202305-02 ] Python, PyPy3: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/787260 Bug: https://bugs.gentoo.org/793833 Bug: https://bugs.gentoo.org/811165 Bug: https://bugs.gentoo.org/834533 Bug: https://bugs.gentoo.org/835443 Bug: https://bugs.gentoo.org/838250 Bug: https://bugs.gentoo.org/864747 Bug: https://bugs.gentoo.org/876815 Bug: https://bugs.gentoo.org/877851 Bug: https://bugs.gentoo.org/878385 Bug: https://bugs.gentoo.org/880629 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202305-02.xml | 107 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) |