From: Marius Bakke <mbakke@fastmail.com>
To: Mark H Weaver <mhw@netris.org>, Leo Famulari <leo@famulari.name>
Cc: 32877-done@debbugs.gnu.org
Subject: bug#32877: Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802
Date: Wed, 17 Oct 2018 20:35:49 +0200 [thread overview]
Message-ID: <875zy0h14q.fsf@fastmail.com> (raw)
In-Reply-To: <87o9c0ykol.fsf@netris.org>
[-- Attachment #1: Type: text/plain, Size: 1341 bytes --]
Mark H Weaver <mhw@netris.org> writes:
> Leo Famulari <leo@famulari.name> writes:
>
>> On Sat, Oct 06, 2018 at 06:53:36PM +0200, Marius Bakke wrote:
>>> From 2891a9acb7704c3397ef34fbb520b46936504422 Mon Sep 17 00:00:00 2001
>>> From: Marius Bakke <mbakke@fastmail.com>
>>> Date: Sat, 6 Oct 2018 18:50:47 +0200
>>> Subject: [PATCH] gnu: python2: Add upstream security fixes.
>>>
>>> This addresses CVE-2018-{1060,1061,14647,1000802}.
>>>
>>> * gnu/packages/patches/python2-CVE-2018-1000802.patch,
>>> gnu/packages/patches/python2-CVE-2018-1060.patch,
>>> gnu/packages/patches/python2-CVE-2018-1061.patch,
>>> gnu/packages/patches/python2-CVE-2018-14647.patch: New files.
>>> * gnu/local.mk (dist_patch_DATA): Register it.
>>> * gnu/packages/python.scm (python-2/fixed): New variable.
>>> (python-2.7)[replacement]: New field.
>>> (python2-minimal): Use PACKAGE/INHERIT.
>>
>> Thanks! I did some basic tests and things seem to work.
>
> I added this commit to my private branch a few days ago, along with the
> Python-3 CVE-2018-14647 fix (with the added hunk), updated my GuixSD
> GNOME 3 system and user profile, and everything seems to be working
> well.
>
> I think they are both ready to push to master.
Hi Mark,
Thank you very much for testing. I've pushed these patches now, sorry
for the delay!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
prev parent reply other threads:[~2018-10-17 18:36 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-29 19:18 bug#32877: Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802 Leo Famulari
2018-10-06 16:53 ` Marius Bakke
2018-10-10 19:14 ` Leo Famulari
2018-10-11 8:03 ` Mark H Weaver
2018-10-17 18:35 ` Marius Bakke [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875zy0h14q.fsf@fastmail.com \
--to=mbakke@fastmail.com \
--cc=32877-done@debbugs.gnu.org \
--cc=leo@famulari.name \
--cc=mhw@netris.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).