|
From: | GNU bug Tracking System |
Subject: | [debbugs-tracker] bug#32877: closed (Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802) |
Date: | Wed, 17 Oct 2018 18:36:02 +0000 |
Your message dated Wed, 17 Oct 2018 20:35:49 +0200 with message-id <address@hidden> and subject line Re: bug#32877: Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802 has caused the debbugs.gnu.org bug report #32877, regarding Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802 to be marked as done. (If you believe you have received this mail in error, please contact address@hidden) -- 32877: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=32877 GNU Bug Tracking System Contact address@hidden with problems
--- Begin Message ---Subject: Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802 Date: Sat, 29 Sep 2018 15:18:27 -0400 User-agent: Mutt/1.10.1 (2018-07-13) Here are some bugs that apply to our Python 2.7.14 package. CVE-2018-1060 (fixed upstream in Python 2.7.15): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060 CVE-2018-1061 (fixed upstream in Python 2.7.15): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061 CVE-2018-14647 (fixed in unreleased CPython commit 18b20bad75b4ff0486940fba4ec680e96e70f3a2): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647 CVE-2018-1000802 (fixed in unreleased CPython commit d8b103b8b3ef9644805341216963a64098642435): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000802signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Subject: Re: bug#32877: Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802 Date: Wed, 17 Oct 2018 20:35:49 +0200 User-agent: Notmuch/0.27 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Mark H Weaver <address@hidden> writes: > Leo Famulari <address@hidden> writes: > >> On Sat, Oct 06, 2018 at 06:53:36PM +0200, Marius Bakke wrote: >>> From 2891a9acb7704c3397ef34fbb520b46936504422 Mon Sep 17 00:00:00 2001 >>> From: Marius Bakke <address@hidden> >>> Date: Sat, 6 Oct 2018 18:50:47 +0200 >>> Subject: [PATCH] gnu: python2: Add upstream security fixes. >>> >>> This addresses CVE-2018-{1060,1061,14647,1000802}. >>> >>> * gnu/packages/patches/python2-CVE-2018-1000802.patch, >>> gnu/packages/patches/python2-CVE-2018-1060.patch, >>> gnu/packages/patches/python2-CVE-2018-1061.patch, >>> gnu/packages/patches/python2-CVE-2018-14647.patch: New files. >>> * gnu/local.mk (dist_patch_DATA): Register it. >>> * gnu/packages/python.scm (python-2/fixed): New variable. >>> (python-2.7)[replacement]: New field. >>> (python2-minimal): Use PACKAGE/INHERIT. >> >> Thanks! I did some basic tests and things seem to work. > > I added this commit to my private branch a few days ago, along with the > Python-3 CVE-2018-14647 fix (with the added hunk), updated my GuixSD > GNOME 3 system and user profile, and everything seems to be working > well. > > I think they are both ready to push to master. Hi Mark, Thank you very much for testing. I've pushed these patches now, sorry for the delay!signature.asc
Description: PGP signature
--- End Message ---
[Prev in Thread] | Current Thread | [Next in Thread] |