Netzwerk Sicherheits Prüfungen / Anfälligkeitsfeststellung von SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-9565
2010-06-07 20:38:58
--------------------------------------------------------------------------------

Name        : python
Product     : Fedora 12
Version     : 2.6.2
Release     : 8.fc12
URL         : http://www.python.org/
Summary     : An interpreted, interactive, object-oriented programming language
Description :
Python is an interpreted, interactive, object-oriented programming
language often compared to Tcl, Perl, Scheme or Java. Python includes
modules, classes, exceptions, very high level dynamic data types and
dynamic typing. Python supports interfaces to many system calls and
libraries, as well as to various windowing systems (X11, Motif, Tk,
Mac and MFC).

Programmers can write new built-in modules for Python in C or C++.
Python can be used as an extension language for applications that need
a programmable interface. This package contains most of the standard
Python modules, as well as modules for interfacing to the Tix widget
set for Tk and RPM.

Note that documentation for Python is provided in the python-docs
package.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun  4 2010 David Malcolm <dmalcolm@redhat.com> - 2.6.2-8
- ensure that the compiler is invoked with "-fwrapv" (rhbz#594819)
- CVE-2010-1634: fix various integer overflow checks in the audioop
module (patch 113)
- CVE-2010-2089: further checks within the audioop module (patch 114)
- CVE-2008-5983: the new PySys_SetArgvEx entry point from r81399 (patch 115)
* Fri Mar 12 2010 David Malcolm <dmalcolm@redhat.com> - 2.6.2-7
- document all patches, and remove the commented-out ones
- Address some of the issues identified in package review (bug 226342):
  - update libs requirement on base package to use %{name} for consistency's
sake
  - convert from backticks to $() syntax throughout
  - wrap value of LD_LIBRARY_PATH in quotes
  - convert "/usr/bin/find" requirement to "findutils"
  - remove trailing periods from summaries of subpackages
  - fix spelling mistake in description of -test subpackage
  - convert usage of $$RPM_BUILD_ROOT to %{buildroot} throughout, for
stylistic consistency
  - supply dirmode arguments to defattr directives
- replace references to /usr with %{_prefix}; replace references to
/usr/include with %{_includedir}
- fixup the build when __python_ver is set (Zach Sadecki; bug 533989); use
pybasever in the files section
* Mon Jan 25 2010 David Malcolm <dmalcolm@redhat.com> - 2.6.2-6
- update python-2.6.2-config.patch to remove downstream customization of build
of pyexpat and elementtree modules
- add patch adapted from upstream (patch 3) to add support for building against
system expat; add --with-system-expat to "configure" invocation (patch 3)
- remove embedded copy of expat from source tree during "prep"
* Mon Jan 25 2010 David Malcolm <dmalcolm@redhat.com> - 2.6.2-5
- replace "define" with "global" throughout
- introduce macros for 3 directories, replacing expanded references throughout:
%{pylibdir}, %{dynload_dir}, %{site_packages}
- explicitly list all lib-dynload files, rather than dynamically gathering the
payload into a temporary text file, so that we can be sure what we are
shipping; remove now-redundant testing for presence of certain .so files
- remove embedded copy of libffi and zlib from source tree before building
* Mon Jan 25 2010 David Malcolm <dmalcolm@redhat.com> - 2.6.2-4
- change python-2.6.2-config.patch to remove our downstream change to curses
configuration in Modules/Setup.dist, so that the curses modules are built using
setup.py with the downstream default (linking against libncursesw.so, rather
than libncurses.so), rather than within the Makefile; add a test to %install
to verify the dso files that the curses module is linked against the correct
DSO (bug 539917; changes _cursesmodule.so -> _curses.so)
* Fri Jan  8 2010 David Malcolm <dmalcolm@redhat.com> - 2.6.2-3
- fix Lib/SocketServer.py to avoid trying to use non-existant keyword args
for os.waitpid (patch 52, rhbz:552404, Adrian Reber)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #590690 - CVE-2010-1634 python: audioop: incorrect integer overflow checks
        https://bugzilla.redhat.com/show_bug.cgi?id=590690
  [ 2 ] Bug #598197 - CVE-2010-2089 Python: Memory corruption in audioop module
        https://bugzilla.redhat.com/show_bug.cgi?id=598197
  [ 3 ] Bug #482814 - CVE-2008-5983 python: untrusted python modules search path
        https://bugzilla.redhat.com/show_bug.cgi?id=482814
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update python' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce