| |
@@ -112,7 +112,7 @@
|
| |
Summary: Version 3 of the Python programming language aka Python 3000
|
| |
Name: python3
|
| |
Version: %{pybasever}.4
|
| |
- Release: 2%{?dist}
|
| |
+ Release: 3%{?dist}
|
| |
License: Python
|
| |
Group: Development/Languages
|
| |
|
| |
@@ -394,6 +394,12 @@
|
| |
# Fixed upstream: https://bugs.python.org/issue31532
|
| |
Patch279: 00279-fix-memory-corruption-due-to-allocator-mix.patch
|
| |
|
| |
+ # 00286 #
|
| |
+ # CVE-2017-1000158
|
| |
+ # Check & prevent integer overflow in PyString_DecodeEscape
|
| |
+ # Fixed upstream for Python 2 only: https://bugs.python.org/issue30657
|
| |
+ Patch286: 00286-pystring-decodeescape-integer-overflow.patch
|
| |
+
|
| |
# (New patches go here ^^^)
|
| |
#
|
| |
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
| |
@@ -635,6 +641,7 @@
|
| |
%patch206 -p1
|
| |
%patch243 -p1
|
| |
%patch279 -p1
|
| |
+ %patch286 -p1
|
| |
|
| |
# Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
|
| |
# are many differences between 2.6 and the Python 3 library.
|
| |
@@ -1538,6 +1545,10 @@
|
| |
# ======================================================
|
| |
|
| |
%changelog
|
| |
+ * Fri Dec 01 2017 Miro Hrončok <mhroncok@redhat.com> - 3.5.4-3
|
| |
+ - Fix for CVE-2017-1000158
|
| |
+ - rhbz#1519606: https://bugzilla.redhat.com/show_bug.cgi?id=1519604
|
| |
+
|
| |
* Mon Oct 09 2017 Charalampos Stratakis <cstratak@redhat.com> - 3.5.4-2
|
| |
- Fix memory corruption due to allocator mix
|
| |
Resolves: rhbz#1498207
|
| |
This applies well. However I don't know if it even builds. Opening this early, because I'll go offline, so I like to share what I have.
Koji scratch build in progress: https://koji.fedoraproject.org/koji/taskinfo?taskID=23483171