The following builds have been pushed to Fedora EPEL 7 updates-testing

    pyicu-2.9-4.el7
    python3-flask-1.1.4-1.el7
    python3-werkzeug-1.0.1-2.el7

Details about builds:

================================================================================
 pyicu-2.9-4.el7 (FEDORA-EPEL-2023-e2b1bcad07)
 Python extension wrapping the ICU C++ libraries
--------------------------------------------------------------------------------
Update Information:

Provides fix
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 29 2023 Gwyn Ciesla gwync@protonmail.com - 2.9-4
- Add explicit python36-pyicu provides
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2234801 - Missing dependencies for gramps
        https://bugzilla.redhat.com/show_bug.cgi?id=2234801
--------------------------------------------------------------------------------

================================================================================
 python3-flask-1.1.4-1.el7 (FEDORA-EPEL-2023-2b99803700)
 Micro-framework for Python based on Werkzeug, Jinja 2 and good intentions
--------------------------------------------------------------------------------
Update Information:

- Update to version 1.1.4
- Rename python36-flask to python3-flask
- Backport patch for CVE-2023-30861
- Run test suite in %check
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 29 2023 Carl George carlwgeorge@fedoraproject.org - 1.1.4-1
- Update to version 1.1.4
- Rename python36-flask to python3-flask
- Backport patch for CVE-2023-30861, resolves rhbz#2196676
- Run test suite in %check
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2196676 - CVE-2023-30861 python3-flask: flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2196676
--------------------------------------------------------------------------------

================================================================================
 python3-werkzeug-1.0.1-2.el7 (FEDORA-EPEL-2023-f73923f479)
 Comprehensive WSGI web application library
--------------------------------------------------------------------------------
Update Information:

- Rename python36-werkzeug to python3-werkzeug
- Backport patch for CVE-2023-25577
- Backport patch for CVE-2023-23934
- Run test suite in %check
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 28 2023 Carl George carlwgeorge@fedoraproject.org - 1.0.1-2
- Rename python36-werkzeug to python3-werkzeug
- Backport patch for CVE-2023-25577, resolves rhbz#2170246
- Backport patch for CVE-2023-23934, resolves rhbz#2170247
- Run test suite in %check
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2170246 - CVE-2023-25577 python3-werkzeug: python-werkzeug: high resource usage when parsing multipart form data with many fields [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2170246
  [ 2 ] Bug #2170247 - CVE-2023-23934 python3-werkzeug: python-werkzeug: cookie prefixed with = can shadow unprefixed cookie [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2170247
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org