GNU bug report logs

#32877 Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-1000802

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #13 received at 32877@debbugs.gnu.org (full text, mbox, reply):

Received: (at 32877) by debbugs.gnu.org; 10 Oct 2018 19:14:33 +0000
From debbugs-submit-bounces@debbugs.gnu.org Wed Oct 10 15:14:33 2018
Received: from localhost ([127.0.0.1]:43857 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1gAJwH-0007OG-F8
	for submit@debbugs.gnu.org; Wed, 10 Oct 2018 15:14:33 -0400
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:44345)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1gAJwE-0007O8-Sn
 for 32877@debbugs.gnu.org; Wed, 10 Oct 2018 15:14:32 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id A98FE21964;
 Wed, 10 Oct 2018 15:14:30 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute4.internal (MEProxy); Wed, 10 Oct 2018 15:14:30 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=v/hnIMEUxDH2ojVnRdAMbiNU
 +k31FMU7dLQstIPwG0w=; b=utb2KomaCvSNwKLKR94iBmFvB1a1ZNSZXzXAfxeS
 jQenxaAm3dyMGCGba80Ufsmruj1LxYV1tpy49WnItM4SGrCPdUrGP0AXjlRtp8Oy
 VOoC6YbHQS/ANeIraWz96iWIEEY8EVWfZIrtoAAB43/zwkHXhna3C5VfEFTKvrGK
 qLI=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=v/hnIM
 EUxDH2ojVnRdAMbiNU+k31FMU7dLQstIPwG0w=; b=LRxCz36B5VfAauw/tGuoKT
 U/tr+NzJz+CQ6IpwqI8ULfuvdXfkTqpa3YuNLerk3hk5n99ExR3T9PPX+HeG9mjw
 gmE7/MxjDs8pvlz80pvNUZXQHbVSNvSHz6YCWOp86se+/YB1F6DMY/hbpYTBW/CT
 JvnMFu0qdIqMIz9Ij9l7+8+wMJRgZv5FfVSEidIFnN0amiH8+oD9Vd8uGT1iG8pe
 O82YVLJm2QUv0vwCnAfkSGD5jhB6B3PrErGimCLSlC+tubcA/bhBthvATkD5iV2e
 4eQtMgqA9zM5XXmqDpIxqDD9M625J0zhHdb9DLZtXJKKW+TNxEV8HBkVeOihWTiQ
 ==
X-ME-Sender: <xms:k0--Wyboxsim7bblar8qnJs-gx0Yn_LdzIpJf-udOJLOPC3hd-8OdA>
X-ME-Proxy: <xmx:k0--WwZLtqSJz6jlOtj8q3PDEhVyhIgf7qjp-vWkvAHKkTFAFjGMlw>
 <xmx:k0--W5WeZ26j0fA9uSnxZlOKS8Qk0ZT7x9kko7MymEKK3O6zs2Q82w>
 <xmx:k0--WyjhumsvSh7fQQYaOeTjqkEFb2enSqEoWZ8CsWXL8V7d-VrPvw>
 <xmx:k0--W3W5U6PUWLqFMR2v8zqE1oTAZqP-FiRS6vUyHcfQfIfntSu-Jw>
 <xmx:k0--W5PHtQwiXOyJb-kSoxPWHGtFg-6-_DsnW4gvM-JoniSyfnLydQ>
 <xmx:lk--W-7jVTsDE0tNNx1dicwgupPpvl1G7PnWtdMgvTs1KlAnPcVJVw>
Received: from localhost (unknown [172.58.201.64])
 by mail.messagingengine.com (Postfix) with ESMTPA id 1F231102F3;
 Wed, 10 Oct 2018 15:14:27 -0400 (EDT)
Date: Wed, 10 Oct 2018 15:14:25 -0400
From: Leo Famulari <leo@famulari.name>
To: Marius Bakke <mbakke@fastmail.com>
Subject: Re: bug#32877: Python-2 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647
 CVE-2018-1000802
Message-ID: <20181010191425.GA22832@jasmine.lan>
References: <20180929191827.GA17619@jasmine.lan> <87in2fhv8v.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="gBBFr7Ir9EOA20Yy"
Content-Disposition: inline
In-Reply-To: <87in2fhv8v.fsf@fastmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 32877
Cc: 32877@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

[Message part 1 (text/plain, inline)]
On Sat, Oct 06, 2018 at 06:53:36PM +0200, Marius Bakke wrote:
> From 2891a9acb7704c3397ef34fbb520b46936504422 Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Sat, 6 Oct 2018 18:50:47 +0200
> Subject: [PATCH] gnu: python2: Add upstream security fixes.
> 
> This addresses CVE-2018-{1060,1061,14647,1000802}.
> 
> * gnu/packages/patches/python2-CVE-2018-1000802.patch,
> gnu/packages/patches/python2-CVE-2018-1060.patch,
> gnu/packages/patches/python2-CVE-2018-1061.patch,
> gnu/packages/patches/python2-CVE-2018-14647.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/python.scm (python-2/fixed): New variable.
> (python-2.7)[replacement]: New field.
> (python2-minimal): Use PACKAGE/INHERIT.

Thanks! I did some basic tests and things seem to work.

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 03:09:06 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.