Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 811165 (CVE-2022-0391) - <dev-lang/python-{2.7.18_p12,3.6.14_p1,3.7.11_p1,3.8.12,3.9.6_p2,3.10.0_rc1_p2} <dev-python/pypy{,3}-7.3.5_p1: multiple vulnerabilities
Summary: <dev-lang/python-{2.7.18_p12,3.6.14_p1,3.7.11_p1,3.8.12,3.9.6_p2,3.10.0_rc1_p...
Status: RESOLVED FIXED
Alias: CVE-2022-0391
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A4 [glsa+]
Keywords:
: 833095 (view as bug list)
Depends on: 811213 811219 811222 811225 811228 811231 811234
Blocks:
  Show dependency tree
 
Reported: 2021-08-30 21:37 UTC by Michał Górny
Modified: 2023-05-03 09:36 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-08-30 21:37:32 UTC
From most recent py3.10 git pull:


commit 0897253f426068ea6a6fbe0ada01689af9ef1019
Author: Miguel Brito <5544985+miguendes@users.noreply.github.com>
Date:   2021-08-29 16:10:50 +0200

    bpo-43124: Fix smtplib multiple CRLF injection (GH-25987)
    
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>

commit c9227df5a9d8e958a2324cf0deba8524d1ded26a
Author: E-Paine <63801254+E-Paine@users.noreply.github.com>
Date:   2021-08-29 13:07:51 +0200

    bpo-42278: Use tempfile.TemporaryDirectory rather than tempfile.mktemp in pydoc (GH-23200)
    
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-08-30 22:20:58 UTC
I've managed to backport it to all py3 versions but I need to work more on py2.7 backport.  It's gotten really late, so I'll address that the first thing tomorrow.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-31 16:01:02 UTC
Thanks!
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-09-20 16:21:27 UTC
cleanup done
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-20 16:26:29 UTC
Thanks!
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-20 19:45:40 UTC
*** Bug 833095 has been marked as a duplicate of this bug. ***
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-19 01:15:20 UTC
GLSA requested
Comment 7 Larry the Git Cow gentoo-dev 2023-05-03 09:31:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=721dfacf17914fe5f7bfa3d0b401379d6318f7b1

commit 721dfacf17914fe5f7bfa3d0b401379d6318f7b1
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 09:12:43 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 09:31:45 +0000

    [ GLSA 202305-02 ] Python, PyPy3: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/787260
    Bug: https://bugs.gentoo.org/793833
    Bug: https://bugs.gentoo.org/811165
    Bug: https://bugs.gentoo.org/834533
    Bug: https://bugs.gentoo.org/835443
    Bug: https://bugs.gentoo.org/838250
    Bug: https://bugs.gentoo.org/864747
    Bug: https://bugs.gentoo.org/876815
    Bug: https://bugs.gentoo.org/877851
    Bug: https://bugs.gentoo.org/878385
    Bug: https://bugs.gentoo.org/880629
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-02.xml | 107 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 107 insertions(+)