--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-7df59302e0
2019-07-12 06:15:25.493076
--------------------------------------------------------------------------------
Name : python36
Product : Fedora 29
Version : 3.6.9
Release : 1.fc29
URL :
https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Update Python 3.6 to
[
3.6.9](https://www.python.org/downloads/release/python-369/), the latest
security release of the 3.6 branch. [Changelog for 3.6.9
final](https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-f...
and [3.6.9 release candidate
1](https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-release-
candidate-1). Includes security fixes for CVE-2019-9636, CVE-2019-9740,
CVE-2019-10160.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 3 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 3.6.9-1
- Update to 3.6.9
* Wed Jan 23 2019 Patrik Kopkan <pkopkan(a)redhat.com> - 3.6.8-3
- fix for CVE-2019-5010 (#1666519, #1666520)
* Mon Jan 14 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 3.6.8-2
- Rebuilt for libcrypt.so.2 (#1666033)
* Thu Dec 27 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.6.8-1
- Update to 3.6.8
* Mon Oct 22 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.6.7-1
- Update to 3.6.7
* Mon Sep 24 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.6.6-6
- Security fix for CVE-2018-14647 (#1631822)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1688169 - CVE-2019-9740 python: CRLF injection via the query part of the url
passed to urlopen()
https://bugzilla.redhat.com/show_bug.cgi?id=1688169
[ 2 ] Bug #1688543 - CVE-2019-9636 python: Information Disclosure due to urlsplit
improper NFKC normalization
https://bugzilla.redhat.com/show_bug.cgi?id=1688543
[ 3 ] Bug #1718388 - CVE-2019-10160 python: regression of CVE-2019-9636 due to
functional fix to allow port numbers in netloc
https://bugzilla.redhat.com/show_bug.cgi?id=1718388
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-7df59302e0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------