-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-dfb11916cc 2020-07-23 01:04:57.639129 --------------------------------------------------------------------------------
Name : mingw-python3 Product : Fedora 32 Version : 3.8.3 Release : 3.fc32 URL : https://www.python.org/ Summary : MinGW Windows python3 Description : MinGW Windows python3 library.
-------------------------------------------------------------------------------- Update Information:
Backport patch for CVE-2019-20907. ---- Update to 3.8.3, backport patch for CVE-2020-14422. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jul 14 2020 Sandro Mani manisandro@gmail.com - 3.8.3-3 - Backport patch for CVE-2019-20907 * Mon Jul 13 2020 Sandro Mani manisandro@gmail.com - 3.8.3-2 - Backport patch for CVE-2020-14422 * Sun May 17 2020 Sandro Mani manisandro@gmail.com - 3.8.3-1 - Update to 3.8.3 * Mon Mar 2 2020 Sandro Mani manisandro@gmail.com - 3.8.2-1 - Update to 3.8.2 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1854936 - CVE-2020-14422 mingw-python3: python: DoS via inefficiency in IPv{4,6}Interface classes [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1854936 [ 2 ] Bug #1856489 - CVE-2019-20907 mingw-python3: python: infinite loop in the tarfile module via crafted TAR archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1856489 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-dfb11916cc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------