GNU bug report logs - #32878
Python-3 CVE-2018-14647

Package: guix

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sat, 29 Sep 2018 19:24:02 UTC

Severity: normal

Tags: security

Fixed in version 90aeaee861845142843a0f988fa4ff016c723cdb

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.


Message #19 received at 32878 <at> debbugs.gnu.org (full text, mbox):

From: Mark H Weaver <mhw <at> netris.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: Marius Bakke <mbakke <at> fastmail.com>, 32878 <at> debbugs.gnu.org
Subject: Re: bug#32878: Python-3 CVE-2018-14647
Date: Thu, 11 Oct 2018 04:04:31 -0400

Leo Famulari <leo <at> famulari.name> writes:

> On Sat, Oct 06, 2018 at 04:51:07PM +0200, Marius Bakke wrote:
>> From a60d655fd4dddb86e1c8134c675fb61af52b32af Mon Sep 17 00:00:00 2001
>> From: Marius Bakke <mbakke <at> fastmail.com>
>> Date: Sat, 6 Oct 2018 16:47:05 +0200
>> Subject: [PATCH] gnu: python: Fix CVE-2018-14647.
>> 
>> * gnu/packages/patches/python-CVE-2018-14647.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Register it.
>> * gnu/packages/python.scm (python-3/fixed): New variable.
>> (python-3.6)[replacement]: New field.
>> (python-minimal, python-debug, wrap-python3): Use PACKAGE/INHERIT instead of
>> standard inheritance.
>
> Thanks! I did some more basic tests with this one, using the extra hunk
> in your other mail. I think this change is okay.

As I wrote in another thread, I added this commit (with extra hunk) to
my private branch a few days ago, along with the Python-2 security
fixes, updated my GuixSD GNOME 3 system and user profile, and everything
seems to be working well.

I think they are both ready to push to master.

Thank you, Marius!

       Mark




This bug report was last modified 6 years and 278 days ago.
