From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: bug#32877: Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647
	CVE-2018-1000802
Date: Sat, 29 Sep 2018 15:18:27 -0400
Message-ID: <20180929191827.GA17619@jasmine.lan>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="rwEMma7ioTxnRzrJ"
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48128)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1g6Kle-0006mD-U6
	for bug-guix@gnu.org; Sat, 29 Sep 2018 15:19:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1g6Kla-0002fn-VE
	for bug-guix@gnu.org; Sat, 29 Sep 2018 15:19:06 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:54901)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1g6Kla-0002ff-N3
	for bug-guix@gnu.org; Sat, 29 Sep 2018 15:19:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1g6Kla-00077M-HP
	for bug-guix@gnu.org; Sat, 29 Sep 2018 15:19:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.32877.B.153824872727337@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48002)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1g6KlB-0006ik-Kj
	for bug-guix@gnu.org; Sat, 29 Sep 2018 15:18:38 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1g6Kl7-0002Ut-Mo
	for bug-guix@gnu.org; Sat, 29 Sep 2018 15:18:37 -0400
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:37419)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <leo@famulari.name>) id 1g6Kl7-0002UZ-FS
	for bug-guix@gnu.org; Sat, 29 Sep 2018 15:18:33 -0400
Received: from localhost (50-207-9-203-static.hfc.comcastbusiness.net
	[50.207.9.203])
	by mail.messagingengine.com (Postfix) with ESMTPA id DB5E9E47C0
	for <bug-guix@gnu.org>; Sat, 29 Sep 2018 15:18:29 -0400 (EDT)
Content-Disposition: inline
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: 32877@debbugs.gnu.org


--rwEMma7ioTxnRzrJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Here are some bugs that apply to our Python 2.7.14 package.

CVE-2018-1060 (fixed upstream in Python 2.7.15):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060

CVE-2018-1061 (fixed upstream in Python 2.7.15):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061

CVE-2018-14647 (fixed in unreleased CPython commit
18b20bad75b4ff0486940fba4ec680e96e70f3a2):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647

CVE-2018-1000802 (fixed in unreleased CPython commit
d8b103b8b3ef9644805341216963a64098642435):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000802

--rwEMma7ioTxnRzrJ
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAluvz/8ACgkQJkb6MLrK
fwg3/A/+K3kU1Npbdnz751GugCsCuwuDMXmy0vwtKZ+uHtHiF3Z5vgGFOeAxaagl
JlV8vUf4zVcBfdX5tlZEga7rBNNvpmU5xAT3stb/jG0LqMtTiRmIG0XIRgZ3L8JA
f0DVwObTtLcFXnvSYfqSyrRtBg1XMvWGE5hbHKurloR2Au7zitzwhAzQWEXaOt4r
iImjtEpEmi30E6l2jJC3OE12zmmPR6pEUlakyo3gphCCiIDXfxUTX/yAX+ml/yKo
l7s3/O4AoQiPIrH8dqzC3oq8vxnyPZklr0ydcz2XWmc1qMCWBWDuW4A+SFYAVbEu
KvaXccFaQ02Kh9VcBGO+kmc9QmBgnciF7UDM9N1vRdTXB+pZFWpGZ9y4sOhq3iNU
lgPB6pGTE70IJ+Qh3s2lckkzJ70YBQFDg7bhpRGbujMTaBbMk/vcKXU0zQ0O/T3D
5O+vrKJVgPOitV07rF9M6i/01mDJzHBwsPoOMq4Y9hu5Adr/Ede5i5KAq/lXLHtr
qur4g9q4W863RAvdO8Dqkf/Zp36p86oj35Dno5/KXYFQaIGyTmTU67SUqWRSDgZc
dwkR6snT97bxiK7U61kT/CfcmXphBamU0ObrjU/cVTgWjS3UC9lmd2miGg42Q1c+
95QGsVq3sCB5Y8YA4SKC83TRJTOlr9yvROdWfQnDpu+y1i6z9iQ=
=eaCa
-----END PGP SIGNATURE-----

--rwEMma7ioTxnRzrJ--