--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-6b02154aa0
2019-03-29 02:58:04.250160
--------------------------------------------------------------------------------
Name : python34
Product : Fedora 29
Version : 3.4.10
Release : 1.fc29
URL :
http://www.python.org/
Summary : Version 3.4 of the Python programming language
Description :
Python 3.4 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.4, see other distributions
that support it, such as CentOS or RHEL with Software Collections.
--------------------------------------------------------------------------------
Update Information:
Last upstream Python 3.4 security release, 3.4.10. Security fix for
CVE-2019-9636, CVE-2019-5010, CVE-2018-20406.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 19 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 3.4.10-1
- Update to 3.4.10
* Tue Mar 5 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 3.4.10~rc1-1
- Update to 3.4.10rc1
* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 3.4.9-8
- Rebuild for readline 8.0
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.4.9-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 3.4.9-6
- Rebuilt for libcrypt.so.2 (#1666033)
* Fri Jan 11 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 3.4.9-5
- Add missing semicolon in patch 00290
* Mon Sep 24 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 3.4.9-4
- Security fix for CVE-2018-14647 (#1631822)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1688543 - CVE-2019-9636 python: Information Disclosure due to urlsplit
improper NFKC normalization
https://bugzilla.redhat.com/show_bug.cgi?id=1688543
[ 2 ] Bug #1666519 - CVE-2019-5010 python: NULL pointer dereference using a specially
crafted X509 certificate
https://bugzilla.redhat.com/show_bug.cgi?id=1666519
[ 3 ] Bug #1664509 - CVE-2018-20406 python: Integer overflow in Modules/_pickle.c allows
for memory exhaustion if serializing gigabytes of data
https://bugzilla.redhat.com/show_bug.cgi?id=1664509
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-6b02154aa0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------