Overview
Request 983936 accepted
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Fix building of documentation and the universal configuration of the
%primary_interpreter.
- Switch primary_interpreter from python38 to python310 for
Factory (only)
- (bsc#1196784, CVE-2022-25236) Rename patch:
support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
as it was fully patched against CVE-2022-25236.
Request History
mcepl created request
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Fix building of documentation and the universal configuration of the
%primary_interpreter.
- Switch primary_interpreter from python38 to python310 for
Factory (only)
- (bsc#1196784, CVE-2022-25236) Rename patch:
support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
as it was fully patched against CVE-2022-25236.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
dimstar accepted review
dimstar_suse set openSUSE:Factory:Staging:A as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:A"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:A"
licensedigger accepted review
ok
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:A got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:A got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:A got accepted.
6+%if 0%{?sle_version} || 0%{?suse_version} < 1550 7+%define primary_interpreter 0ok, so you really want to touch this for CODE16 again... be my guest
(we should probably look closer into that gh issue to get the 'default' definition out of the spec into prjconf)
Completely agree concerning gh#openSUSE/python-rpm-macros#127 but I just want to have this package out of my concern for now. We will have to deal with these definitions then anyway.