--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-6baeb15da3
2019-03-29 02:03:20.298039
--------------------------------------------------------------------------------
Name : python34
Product : Fedora 28
Version : 3.4.10
Release : 1.fc28
URL :
http://www.python.org/
Summary : Version 3.4 of the Python programming language
Description :
Python 3.4 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.4, see other distributions
that support it, such as CentOS or RHEL with Software Collections.
--------------------------------------------------------------------------------
Update Information:
Last upstream Python 3.4 security release, 3.4.10. Security fix for
CVE-2019-9636, CVE-2019-5010, CVE-2018-20406.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 19 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 3.4.10-1
- Update to 3.4.10
* Tue Mar 5 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 3.4.10~rc1-1
- Update to 3.4.10rc1
* Wed Aug 8 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.4.9-2
- Fix bundled pip/setuptools versions
* Sun Aug 5 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.4.9-1
- Rebased to 3.4.9
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.4.8-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Apr 24 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.4.8-3
- Fix multiprocessing regression on newer glibcs
- Enable test_multiprocessing_fork(server) and _spawn again
Resolves: rhbz#1569933
* Fri Apr 20 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.4.8-2
- Do not ship the Tools directory
- Skip test_multiprocessing_fork(server) and _spawn for now
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1688543 - CVE-2019-9636 python: Information Disclosure due to urlsplit
improper NFKC normalization
https://bugzilla.redhat.com/show_bug.cgi?id=1688543
[ 2 ] Bug #1666519 - CVE-2019-5010 python: NULL pointer dereference using a specially
crafted X509 certificate
https://bugzilla.redhat.com/show_bug.cgi?id=1666519
[ 3 ] Bug #1664509 - CVE-2018-20406 python: Integer overflow in Modules/_pickle.c allows
for memory exhaustion if serializing gigabytes of data
https://bugzilla.redhat.com/show_bug.cgi?id=1664509
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-6baeb15da3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------