From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: bug#32877: Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802 Date: Wed, 10 Oct 2018 15:14:25 -0400 Message-ID: <20181010191425.GA22832@jasmine.lan> References: <20180929191827.GA17619@jasmine.lan> <87in2fhv8v.fsf@fastmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="gBBFr7Ir9EOA20Yy" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:46420) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gAJwo-00053Y-3B for bug-guix@gnu.org; Wed, 10 Oct 2018 15:15:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gAJwk-0007tS-V8 for bug-guix@gnu.org; Wed, 10 Oct 2018 15:15:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:39599) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gAJwk-0007tG-7A for bug-guix@gnu.org; Wed, 10 Oct 2018 15:15:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gAJwj-0007PF-Rl for bug-guix@gnu.org; Wed, 10 Oct 2018 15:15:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <87in2fhv8v.fsf@fastmail.com> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Marius Bakke Cc: 32877@debbugs.gnu.org --gBBFr7Ir9EOA20Yy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Oct 06, 2018 at 06:53:36PM +0200, Marius Bakke wrote: > From 2891a9acb7704c3397ef34fbb520b46936504422 Mon Sep 17 00:00:00 2001 > From: Marius Bakke > Date: Sat, 6 Oct 2018 18:50:47 +0200 > Subject: [PATCH] gnu: python2: Add upstream security fixes. >=20 > This addresses CVE-2018-{1060,1061,14647,1000802}. >=20 > * gnu/packages/patches/python2-CVE-2018-1000802.patch, > gnu/packages/patches/python2-CVE-2018-1060.patch, > gnu/packages/patches/python2-CVE-2018-1061.patch, > gnu/packages/patches/python2-CVE-2018-14647.patch: New files. > * gnu/local.mk (dist_patch_DATA): Register it. > * gnu/packages/python.scm (python-2/fixed): New variable. > (python-2.7)[replacement]: New field. > (python2-minimal): Use PACKAGE/INHERIT. Thanks! I did some basic tests and things seem to work. --gBBFr7Ir9EOA20Yy Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlu+T44ACgkQJkb6MLrK fwhdoA//Qv6eKfCl4lRaKkeuE9Jr56xtFAk72D5jxDh+ARJKUuJl8Re93hEIr8JW Jrw20qLMq3LY/2fqkCt8A2OqTwVnlHSKszGZzaSKKGTcp9BgA/H/8dX1epQYxS7e pVSroAmNi2zFPKHt6EDZmxJjXZMehC1H7f1WXxvo1wk9LDoSw6cEYOCf8eDtwMqU gc/AgIpy5BMQPc4Gn16b/4QZIH0oW2h0c3jzEOVMkwLTQjjRGhISNMtfKL+RERSL PI+iJ+v/xvjPCk6zFekeDiYoMszVAFGRqkzAqMDy0k2EK4kMxyDGthHdmX0vugyI n9fV4BHb35H+tJiQxbh5u8UkH2iukJtRDnwFiq3T6fUlpVw+JV8I0wppBR/E1aPw 1ltvm7b4LeTDNdnMLTeBTNRQQeq9WcQ5kTY8XiBcAiQ1FzGq8SmPLDgnJxITm8Az zBOEVhmkY84ZFWisVrEMvgoE/XALonJSTxOCCVEFJ6p5sqqLMEgHT8azkvC6FzjX 1zxf3MzAxPkOYy7OHASyiqmAEhcouOsOQ0yqtJVl8D9gvQEM/9eh1oyFlXy+jDlm a898P/YrTAr/XLikvjWl7rT9OsBbfI8WEroi+Ywg9WNxic7DSeDodae9OiZfL65X gjOQhqaaWTru8OCyAmhnreOf49LhSY7VR6N5R5bp5lel4ZGjz4I= =KN0+ -----END PGP SIGNATURE----- --gBBFr7Ir9EOA20Yy--