Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 811165

Summary: <dev-lang/python-{2.7.18_p12,3.6.14_p1,3.7.11_p1,3.8.12,3.9.6_p2,3.10.0_rc1_p2}, <dev-python/pypy{,3}-7.3.5_p1: multiple vulnerabilities
Product: Gentoo Security Reporter: Michał Górny <mgorny>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A4 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 811213, 811219, 811222, 811225, 811228, 811231, 811234    
Bug Blocks:    

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-08-30 21:37:32 UTC
From most recent py3.10 git pull:


commit 0897253f426068ea6a6fbe0ada01689af9ef1019
Author: Miguel Brito <5544985+miguendes@users.noreply.github.com>
Date:   2021-08-29 16:10:50 +0200

    bpo-43124: Fix smtplib multiple CRLF injection (GH-25987)
    
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>

commit c9227df5a9d8e958a2324cf0deba8524d1ded26a
Author: E-Paine <63801254+E-Paine@users.noreply.github.com>
Date:   2021-08-29 13:07:51 +0200

    bpo-42278: Use tempfile.TemporaryDirectory rather than tempfile.mktemp in pydoc (GH-23200)
    
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-08-30 22:20:58 UTC
I've managed to backport it to all py3 versions but I need to work more on py2.7 backport.  It's gotten really late, so I'll address that the first thing tomorrow.
Comment 2 John Helmert III gentoo-dev Security 2021-08-31 16:01:02 UTC
Thanks!
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-09-20 16:21:27 UTC
cleanup done
Comment 4 John Helmert III gentoo-dev Security 2021-09-20 16:26:29 UTC
Thanks!