GNU bug report logs - #32878
Python-3 CVE-2018-14647

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sat, 29 Sep 2018 19:24:02 UTC

Severity: normal

Tags: security

Fixed in version 90aeaee861845142843a0f988fa4ff016c723cdb

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

Full log

Message #16 received at 32878 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 32878 <at> debbugs.gnu.org
Subject: Re: bug#32878: Python-3 CVE-2018-14647
Date: Wed, 10 Oct 2018 15:26:01 -0400

[Message part 1 (text/plain, inline)]

On Sat, Oct 06, 2018 at 04:51:07PM +0200, Marius Bakke wrote:
> From a60d655fd4dddb86e1c8134c675fb61af52b32af Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke <at> fastmail.com>
> Date: Sat, 6 Oct 2018 16:47:05 +0200
> Subject: [PATCH] gnu: python: Fix CVE-2018-14647.
> 
> * gnu/packages/patches/python-CVE-2018-14647.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/python.scm (python-3/fixed): New variable.
> (python-3.6)[replacement]: New field.
> (python-minimal, python-debug, wrap-python3): Use PACKAGE/INHERIT instead of
> standard inheritance.

Thanks! I did some more basic tests with this one, using the extra hunk
in your other mail. I think this change is okay.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 6 years and 278 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #32878 Python-3 CVE-2018-14647

GNU bug report logs - #32878
Python-3 CVE-2018-14647