-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-88a247cda8 2020-02-27 15:51:09.603607 --------------------------------------------------------------------------------
Name : python3-virtualenv Product : Fedora EPEL 7 Version : 15.1.0 Release : 5.el7 URL : https://pypi.python.org/pypi/virtualenv Summary : Tool to create isolated Python environments Description : virtualenv is a tool to create isolated Python environments. virtualenv is a successor to workingenv, and an extension of virtual-python. It is written by Ian Bicking, and sponsored by the Open Planning Project. It is licensed under an MIT-style permissive license.
-------------------------------------------------------------------------------- Update Information:
Fix CVE-2018-20060 and CVE-2019-11236 in bundled urllib3 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 14 2020 Lum��r Balhar lbalhar@redhat.com - 15.1.0-3 - Add two new patches for CVEs in bundled urllib3 Resolves: rhbz#1649153 Resolves: rhbz#1700824 * Thu Apr 4 2019 Orion Poplawski orion@nwra.com - 15.1.0-4 - Fix egg-info for python3_other * Thu Mar 7 2019 Troy Dawson tdawson@redhat.com - 15.1.0-3 - Rebuilt to change main python from 3.4 to 3.6 * Tue Feb 12 2019 Scott K Logan logans@cottsay.net - 15.1.0-2 - Add Python 3.6 subpackage - Switch to Python 3 Sphinx * Mon Aug 14 2017 Orion Poplawski orion@cora.nwra.com - 15.1.0-1 - Update to 15.1.0 * Fri Mar 10 2017 Orion Poplawski orion@cora.nwra.com - 15.0.3-1 - Initial EPEL package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1649153 - CVE-2018-20060 python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure https://bugzilla.redhat.com/show_bug.cgi?id=1649153 [ 2 ] Bug #1700824 - CVE-2019-11236 python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service https://bugzilla.redhat.com/show_bug.cgi?id=1700824 --------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use su -c 'yum update python3-virtualenv' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7%5C /html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
epel-package-announce@lists.fedoraproject.org