-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-9b3dabc21c 2020-03-14 00:24:43.758886 --------------------------------------------------------------------------------
Name : python3-typed_ast Product : Fedora 30 Version : 1.4.0 Release : 2.fc30 URL : https://github.com/python/typed_ast Summary : A fork of the ast module with type annotations Description : A fork of the ast module with type annotations. This package is based on the ast modules from Python 2 and 3, and has been extended with support for type comments and type annotations as supported in Python 3.6.
-------------------------------------------------------------------------------- Update Information:
Fixes for CVE-2019-19274 and CVE-2019-19275 -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 1.4.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Tue Jun 11 2019 Gwyn Ciesla gwync@protonmail.com - 1.4.0-1 - 1.4.0. * Wed May 15 2019 Gwyn Ciesla gwync@protonmail.com - 1.3.5-1 - 1.3.5. * Tue May 14 2019 Gwyn Ciesla gwync@protonmail.com - 1.3.1-2 - Fix 3.8 FTBFS. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1810594 - CVE-2019-19274 python3-typed_ast: out-of-bounds read in handle_keywordonly_args() function [fedora-30] https://bugzilla.redhat.com/show_bug.cgi?id=1810594 [ 2 ] Bug #1810598 - CVE-2019-19275 python3-typed_ast: out-of-bounds read in ast_for_arguments() function [fedora-30] https://bugzilla.redhat.com/show_bug.cgi?id=1810598 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-9b3dabc21c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------