Overview

File _patchinfo of Package patchinfo.2629

<patchinfo>
  <issue id="863741" tracker="bnc">VUL-0: CVE-2014-1912: python: buffer overflow in socket.recvfrom_into</issue>
  <issue id="831442" tracker="bnc">openSUSE:12.3/python-base: Bug</issue>
  <issue id="637176" tracker="bnc">Python doesn't have the PEP 370 compatible lib64 path</issue>
  <issue id="856835" tracker="bnc">VUL-1: CVE-2013-1753: python: gzip decompression bomb</issue>
  <issue id="856836" tracker="bnc">VUL-1: CVE-2013-1752: python: various stdlib read flaws</issue>
  <issue id="857470" tracker="bnc">python: bdist_rpm broken</issue>
  <issue id="CVE-2013-1752" tracker="cve" />
  <issue id="CVE-2013-1753" tracker="cve" />
  <issue id="CVE-2013-4238" tracker="cve" />
  <issue id="CVE-2014-1912" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>matejcik</packager>
  <description>
Python was updated to 2.7.6 to fix bugs and security issues:

* bugfix-only release
* SSL-related fixes
* upstream fix for CVE-2013-4238
* upstream fixes for CVE-2013-1752


- added patches for CVE-2013-1752 (bnc#856836) issues that are
  missing in 2.7.6:
  python-2.7.6-imaplib.patch
  python-2.7.6-poplib.patch
  smtplib_maxline-2.7.patch
- CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client:
  xmlrpc_gzip_27.patch
- python-2.7.6-bdist-rpm.patch: fix broken "setup.py bdist_rpm" command
  (bnc#857470, issue18045)
- multilib patch: add "~/.local/lib64" paths to search path
  (bnc#637176)
- CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow
  in socket.recvfrom_into (CVE-2014-1912, bnc#863741)
- Add Obsoletes/Provides for python-ctypes.

- reintroduce audioop.so as the problems with it seem to be fixed
  (bnc#831442)
</description>
  <summary>python: update to 2.7.6</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places