File _patchinfo of Package patchinfo.727

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.727

<patchinfo incident="727">
  <issue id="898572" tracker="bnc">CVE-2014-7185: python: potential buffer overflow</issue>
  <issue id="901715" tracker="bnc">python: Disable SSLv2 in Python by default</issue>
  <issue id="924312" tracker="bnc">Tracker Bug FATE#318300: [ECO] Update Python to 2.7.9</issue>
  <issue id="935856" tracker="bnc"></issue>
  <issue id="318300" tracker="fate">Update Python to 2.7.9</issue>
  <issue id="CVE-2014-7185" tracker="cve" />
  <issue id="CVE-2013-1752" tracker="cve" />
  <issue id="CVE-2014-4650" tracker="cve" />
  <issue id="CVE-2013-1753" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>matejcik</packager>
  <description>This update to python 2.7.9 fixes the following issues:
* python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64

From the version update to 2.7.9:
  * contains full backport of ssl module from Python 3.4 (PEP466)
  * HTTPS certificate validation enabled by default (PEP476)
  * SSLv3 disabled by default (bnc#901715)
  * backported ensurepip module (PEP477)
  * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753
  * dropped upstreamed patches: python-2.7.6-poplib.patch,
    smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch
  * dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it
    with ssl module from Python 3
  * libffi was upgraded upstream, seems to contain our changes,
    so dropping libffi-ppc64le.diff as well
  * python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional
    "import ssl" from test_urllib2_localnet that caused it to fail without ssl

* skip test_thread in qemu_linux_user mode

From the version update to 2.7.8:
  * fixes CVE-2014-4650 directory traversal in CGIHTTPServer
  * fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer()

Also the DH parameters were increased to 2048 bit to fix logjam security issue (bsc#935856)
</description>
  <summary>Security update for python</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.727

Places