FEDORA-2020-d30881c970 created by pviktori 2 months ago for Fedora 32
stable
  • CVE-2019-20907: Avoid infinite loop in the tarfile module
  • CVE-2020-14422: Resolve hash collisions for IPv4Interface and IPv6Interface
  • CVE-2020-26116: HTTP request method CRLF injection in httplib

This update brings Fedora 32's python34 in sync with the EPEL7 package.

How to install

sudo dnf upgrade --advisory=FEDORA-2020-d30881c970

This update has been submitted for testing by pviktori.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update has been pushed to testing.

2 months ago

This update can be pushed to stable now if the maintainer wishes

a month ago

This update has been submitted for stable by bodhi.

a month ago
User Icon churchyard commented & provided feedback a month ago
karma

It doesn't seem to be broken, but I don't use Python 3.4 that extensively. Not checking the security fixes.

This update has been pushed to stable.

a month ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 months ago
in testing
2 months ago
in stable
a month ago
BZ#1854938 CVE-2020-14422 python34: python: Denial of service via inefficiency in IPv{4,6}Interface classes [fedora-all]
0
0
BZ#1856491 CVE-2019-20907 python34: python: infinite loop in the tarfile module via a craft TAR archive [fedora-all]
0
0
BZ#1883245 CVE-2020-26116 python34: python: CRLF injection via HTTP request method in httplib/http.client [fedora-all]
0
0

Automated Test Results