[SECURITY] Fedora 13 Update: python3-3.1.2-7.fc13

updates at fedoraproject.org updates at fedoraproject.org
Sat Sep 4 04:58:36 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-13388
2010-08-23 21:40:14
--------------------------------------------------------------------------------

Name        : python3
Product     : Fedora 13
Version     : 3.1.2
Release     : 7.fc13
URL         : http://www.python.org/
Summary     : Version 3 of the Python programming language aka Python 3000
Description :
Python 3 is a new version of the language that is incompatible with the 2.x
line of releases. The language is mostly the same, but many details, especially
how built-in objects like dictionaries and strings work, have changed
considerably, and a lot of deprecated features have finally been removed.

--------------------------------------------------------------------------------
Update Information:

- Backport from F14:    - Fix for lone surrogates, utf8 and certain encode error
handlers.    - Fix an incompatibility between pyexpat and the system expat-2.0.1
that led to a segfault running test_pyexpat.py (patch 110; upstream issue 9054;
rhbz#610312)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 22 2010 Toshio Kuratomi <toshio at fedoraproject.org> - 3.1.2-7
- Backport from F14:
  - Fix for lone surrogates, utf8 and certain encode error handlers.
  - Fix an incompatibility between pyexpat and the system expat-2.0.1 that led to
    a segfault running test_pyexpat.py (patch 110; upstream issue 9054; rhbz#610312)
* Fri Jun  4 2010 David Malcolm <dmalcolm at redhat.com> - 3.1.2-6
- ensure that the compiler is invoked with "-fwrapv" (rhbz#594819)
- reformat whitespace in audioop.c (patch 106)
- CVE-2010-1634: fix various integer overflow checks in the audioop
module (patch 107)
- CVE-2010-2089: further checks within the audioop module (patch 108)
- CVE-2008-5983: the new PySys_SetArgvEx entry point from r81399 (patch 109)
* Tue Apr 13 2010 David Malcolm <dmalcolm at redhat.com> - 3.1.2-5
- exclude test_http_cookies when running selftests, due to hang seen on
http://koji.fedoraproject.org/koji/taskinfo?taskID=2088463 (cancelled after
11 hours)
- update python-gdb.py from v5 to py3k version submitted upstream
* Wed Mar 31 2010 David Malcolm <dmalcolm at redhat.com> - 3.1.2-4
- update python-gdb.py from v4 to v5 (improving performance and stability,
adding commands)
* Thu Mar 25 2010 David Malcolm <dmalcolm at redhat.com> - 3.1.2-3
- update python-gdb.py from v3 to v4 (fixing infinite recursion on reference
cycles and tracebacks on bytes 0x80-0xff in strings, adding handlers for sets
and exceptions)
* Wed Mar 24 2010 David Malcolm <dmalcolm at redhat.com> - 3.1.2-2
- refresh gdb hooks to v3 (reworking how they are packaged)
* Sun Mar 21 2010 David Malcolm <dmalcolm at redhat.com> - 3.1.2-1
- update to 3.1.2: http://www.python.org/download/releases/3.1.2/
- drop upstreamed patch 2 (.pyc permissions handling)
- drop upstream patch 5 (fix for the test_tk and test_ttk_* selftests)
- drop upstreamed patch 200 (path-fixing script)
* Sat Mar 20 2010 David Malcolm <dmalcolm at redhat.com> - 3.1.1-28
- fix typo in libpython.stp (rhbz:575336)
* Fri Mar 12 2010 David Malcolm <dmalcolm at redhat.com> - 3.1.1-27
- add pyfuntop.stp example (source 7)
- convert usage of $$RPM_BUILD_ROOT to %{buildroot} throughout, for
consistency with python.spec
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #590690 - CVE-2010-1634 python: audioop: incorrect integer overflow checks
        https://bugzilla.redhat.com/show_bug.cgi?id=590690
  [ 2 ] Bug #598197 - CVE-2010-2089 Python: Memory corruption in audioop module
        https://bugzilla.redhat.com/show_bug.cgi?id=598197
  [ 3 ] Bug #482814 - CVE-2008-5983 python: untrusted python modules search path
        https://bugzilla.redhat.com/show_bug.cgi?id=482814
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update python3' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list