FEDORA-2021-f4fd9372c7 created by churchyard 2 weeks ago for Fedora 33
stable

Security fix for CVE-2021-3177, CVE-2021-23336.

How to install

sudo dnf upgrade --advisory=FEDORA-2021-f4fd9372c7

This update has been submitted for testing by churchyard.

2 weeks ago

This update's test gating status has been changed to 'ignored'.

2 weeks ago

This update's test gating status has been changed to 'waiting'.

2 weeks ago

This update's test gating status has been changed to 'ignored'.

2 weeks ago

This update has been pushed to testing.

2 weeks ago
User Icon lbalhar commented & provided feedback 2 weeks ago
karma

Works well and fixes all mentioned CVEs.

BZ#1918168 CVE-2021-3177 python: stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
BZ#1918666 CVE-2021-3177 python3.7: python: stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c [fedora-all]
BZ#1928904 CVE-2021-23336 python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters
BZ#1928919 CVE-2021-23336 python3.7: python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters [fedora-all]

This update has been submitted for stable by bodhi.

2 weeks ago

This update has been pushed to stable.

2 weeks ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
1
Stable by Time
7 days
Dates
submitted
2 weeks ago
in testing
2 weeks ago
in stable
2 weeks ago
BZ#1918168 CVE-2021-3177 python: stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
0
1
BZ#1918666 CVE-2021-3177 python3.7: python: stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c [fedora-all]
0
1
BZ#1928904 CVE-2021-23336 python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters
0
1
BZ#1928919 CVE-2021-23336 python3.7: python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters [fedora-all]
0
1

Automated Test Results