| Summary: | <dev-lang/python-{3.10.10_p2,3.9.16_p2,3.8.16_p3}, <dev-python/pypy3-7.3.11_p1: urllib.parse blocklist bypass | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | mgorny, python |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://pointernull.com/security/python-url-parse-problem.html | ||
| Whiteboard: | A3 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 897998, 898000, 898002, 898004 | ||
| Bug Blocks: | |||
|
Description
John Helmert III
2023-02-26 18:21:29 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ecd2c2d85b898277bb08f2e09d5ab2eefbdafc5 commit 7ecd2c2d85b898277bb08f2e09d5ab2eefbdafc5 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2023-02-26 20:03:12 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2023-02-26 20:11:16 +0000 dev-python/pypy3: Backport CVE-2023-24329 fix to 7.3.11_p1 Bug: https://bugs.gentoo.org/897958 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/pypy3/Manifest | 1 + dev-python/pypy3/pypy3-7.3.11_p1.ebuild | 205 ++++++++++++++++++++++++++++++++ 2 files changed, 206 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3dbd956b4363bab8ab06697f5e6a797a348fab0f commit 3dbd956b4363bab8ab06697f5e6a797a348fab0f Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2023-02-26 20:01:25 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2023-02-26 20:11:15 +0000 dev-lang/python: Backport CVE-2023-24329 fix to 3.8.16_p3 Bug: https://bugs.gentoo.org/897958 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-lang/python/Manifest | 1 + dev-lang/python/python-3.8.16_p3.ebuild | 425 ++++++++++++++++++++++++++++++++ 2 files changed, 426 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd4fb5da1b236a01c915d81ce8732b1e5ba6c26f commit fd4fb5da1b236a01c915d81ce8732b1e5ba6c26f Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2023-02-26 20:00:08 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2023-02-26 20:11:14 +0000 dev-lang/python: Backport CVE-2023-24329 fix to 3.9.16_p2 Bug: https://bugs.gentoo.org/897958 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-lang/python/Manifest | 1 + dev-lang/python/python-3.9.16_p2.ebuild | 481 ++++++++++++++++++++++++++++++++ 2 files changed, 482 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=215857178d642e1d21d3d6deab0fad7c8797fc55 commit 215857178d642e1d21d3d6deab0fad7c8797fc55 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2023-02-26 19:58:41 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2023-02-26 20:11:14 +0000 dev-lang/python: Backport CVE-2023-24329 fix to 3.10.10_p2 Bug: https://bugs.gentoo.org/897958 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-lang/python/Manifest | 1 + dev-lang/python/python-3.10.10_p2.ebuild | 486 +++++++++++++++++++++++++++++++ 2 files changed, 487 insertions(+) cleanup done. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=665ec86173a28118d28182d8381d593988f1adac commit 665ec86173a28118d28182d8381d593988f1adac Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-04 05:59:08 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-04 06:00:31 +0000 [ GLSA 202405-01 ] Python, PyPy3: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/884653 Bug: https://bugs.gentoo.org/897958 Bug: https://bugs.gentoo.org/908018 Bug: https://bugs.gentoo.org/912976 Bug: https://bugs.gentoo.org/919475 Bug: https://bugs.gentoo.org/927299 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-01.xml | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) |