Overview
Request 670197 superseded
- Put LICENSE file where it belongs (bsc#1121852)
- Update to the final release of Python 3.7.2:
* bpo-31715: Associate .mjs file extension with
application/javascript MIME Type.
* bpo-35499: make profile-opt no longer replaces
CFLAGS_NODIST with CFLAGS. It now adds profile-guided
optimization (PGO) flags to CFLAGS_NODIST: existing
CFLAGS_NODIST flags are kept.
* bpo-35257: Avoid leaking the linker flags from Link Time
Optimizations (LTO) into distutils when compiling
C extensions.
* bpo-35259: Conditionally declare Py_FinalizeEx() (new in
3.6) based on Py_LIMITED_API. Patch by Arthur Neufeld.
- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
fixing bpo-35746.
An exploitable denial-of-service vulnerability exists in the
X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
A specially crafted X509 certificate can cause a NULL pointer
dereference, resulting in a denial of service. An attacker can
initiate or accept TLS connections using crafted certificates
to trigger this vulnerability.
- Put LICENSE file where it belongs (bsc#1121852)
- Update to the final release of Python 3.7.2:
* bpo-31715: Associate .mjs file extension with
application/javascript MIME Type.
* bpo-35499: make profile-opt no longer replaces
CFLAGS_NODIST with CFLAGS. It now adds profile-guided
optimization (PGO) flags to CFLAGS_NODIST: existing
CFLAGS_NODIST flags are kept.
* bpo-35257: Avoid leaking the linker flags from Link Time
Optimizations (LTO) into distutils when compiling
C extensions.
* bpo-35259: Conditionally declare Py_FinalizeEx() (new in
3.6) based on Py_LIMITED_API. Patch by Arthur Neufeld.
- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
fixing bpo-35746.
An exploitable denial-of-service vulnerability exists in the
X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
A specially crafted X509 certificate can cause a NULL pointer
dereference, resulting in a denial of service. An attacker can
initiate or accept TLS connections using crafted certificates
to trigger this vulnerability.
- Put LICENSE file where it belongs (bsc#1121852)
- Update to the final release of Python 3.7.2:
* bpo-31715: Associate .mjs file extension with
application/javascript MIME Type.
* bpo-35499: make profile-opt no longer replaces
CFLAGS_NODIST with CFLAGS. It now adds profile-guided
optimization (PGO) flags to CFLAGS_NODIST: existing
CFLAGS_NODIST flags are kept.
* bpo-35257: Avoid leaking the linker flags from Link Time
Optimizations (LTO) into distutils when compiling
C extensions.
* bpo-35259: Conditionally declare Py_FinalizeEx() (new in
3.6) based on Py_LIMITED_API. Patch by Arthur Neufeld.
- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
fixing bpo-35746.
An exploitable denial-of-service vulnerability exists in the
X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
A specially crafted X509 certificate can cause a NULL pointer
dereference, resulting in a denial of service. An attacker can
initiate or accept TLS connections using crafted certificates
to trigger this vulnerability.
- Created by mcepl
- In state superseded
- Superseded by 670332
- Open review for repo-checker
- Open review for openSUSE:Factory:Staging:I
Request History
mcepl created request
- Put LICENSE file where it belongs (bsc#1121852)
- Update to the final release of Python 3.7.2:
* bpo-31715: Associate .mjs file extension with
application/javascript MIME Type.
* bpo-35499: make profile-opt no longer replaces
CFLAGS_NODIST with CFLAGS. It now adds profile-guided
optimization (PGO) flags to CFLAGS_NODIST: existing
CFLAGS_NODIST flags are kept.
* bpo-35257: Avoid leaking the linker flags from Link Time
Optimizations (LTO) into distutils when compiling
C extensions.
* bpo-35259: Conditionally declare Py_FinalizeEx() (new in
3.6) based on Py_LIMITED_API. Patch by Arthur Neufeld.
- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
fixing bpo-35746.
An exploitable denial-of-service vulnerability exists in the
X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
A specially crafted X509 certificate can cause a NULL pointer
dereference, resulting in a denial of service. An attacker can
initiate or accept TLS connections using crafted certificates
to trigger this vulnerability.
- Put LICENSE file where it belongs (bsc#1121852)
- Update to the final release of Python 3.7.2:
* bpo-31715: Associate .mjs file extension with
application/javascript MIME Type.
* bpo-35499: make profile-opt no longer replaces
CFLAGS_NODIST with CFLAGS. It now adds profile-guided
optimization (PGO) flags to CFLAGS_NODIST: existing
CFLAGS_NODIST flags are kept.
* bpo-35257: Avoid leaking the linker flags from Link Time
Optimizations (LTO) into distutils when compiling
C extensions.
* bpo-35259: Conditionally declare Py_FinalizeEx() (new in
3.6) based on Py_LIMITED_API. Patch by Arthur Neufeld.
- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
fixing bpo-35746.
An exploitable denial-of-service vulnerability exists in the
X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
A specially crafted X509 certificate can cause a NULL pointer
dereference, resulting in a denial of service. An attacker can
initiate or accept TLS connections using crafted certificates
to trigger this vulnerability.
- Put LICENSE file where it belongs (bsc#1121852)
- Update to the final release of Python 3.7.2:
* bpo-31715: Associate .mjs file extension with
application/javascript MIME Type.
* bpo-35499: make profile-opt no longer replaces
CFLAGS_NODIST with CFLAGS. It now adds profile-guided
optimization (PGO) flags to CFLAGS_NODIST: existing
CFLAGS_NODIST flags are kept.
* bpo-35257: Avoid leaking the linker flags from Link Time
Optimizations (LTO) into distutils when compiling
C extensions.
* bpo-35259: Conditionally declare Py_FinalizeEx() (new in
3.6) based on Py_LIMITED_API. Patch by Arthur Neufeld.
- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
fixing bpo-35746.
An exploitable denial-of-service vulnerability exists in the
X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
A specially crafted X509 certificate can cause a NULL pointer
dereference, resulting in a denial of service. An attacker can
initiate or accept TLS connections using crafted certificates
to trigger this vulnerability.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
namtrac accepted review
dimstar_suse set openSUSE:Factory:Staging:I as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:I"
dimstar_suse accepted review
Picked openSUSE:Factory:Staging:I
scarabeus_iv superseded request
superseded by 670332