Overview
Request 700152 superseded
- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
  Address the issue by disallowing URL paths with embedded
  whitespace or control characters through into the underlying
  http client request. Such potentially malicious header
  injection URLs now cause a ValueError to be raised.
- Fix metadata of patches.
- Rename boo1071941-make-install-in-sep-loc.patch to
  00251-change-user-install-location.patch which is the original
  name, so it can be looked up in the Fedora VCS.
- Mark distutils bdist_wininst command unsupported
  with 00316-mark-bdist_wininst-unsupported.patch
- Remove Windows bdist_wininst executables from runtime package
- Update to 3.7.3, which is the maintenance release without any
  significant changes in API.
- Updated patches:
  - CVE-2019-5010-null-defer-x509-cert-DOS.patch
  - distutils-reproducible-compile.patch
  - python-3.3.0b1-fix_date_time_compiler.patch
  - python-3.6.0-multilib.patch
  - raise_SIGING_not_handled.patch

- Created by mcepl
- In state superseded
- Supersedes 700002
- Superseded by 704730
- Open review for factory-staging
Request History
mcepl created request
licensedigger accepted review
ok
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
staging-bot set openSUSE:Factory:Staging:A as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:A"
staging-bot accepted review
Picked openSUSE:Factory:Staging:A
dimstar_suse accepted review
Removing from openSUSE:Factory:Staging:A, re-evaluation needed
dimstar_suse added factory-staging as a reviewer
Requesting new staging review
jengelh accepted review
staging-bot set openSUSE:Factory:Staging:B as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:B"
staging-bot accepted review
Picked openSUSE:Factory:Staging:B
dimstar_suse accepted review
Removing from openSUSE:Factory:Staging:B, re-evaluation needed
dimstar_suse approved review
Removing from openSUSE:Factory:Staging:B, re-evaluation needed
dimstar_suse added factory-staging as a reviewer
Requesting new staging review
dimstar_suse superseded request
superseded by 704730
Needs a ring0 staging of its own