maintainer-feedback requested: [Bug 210324] lang/python35, lang/python34, lang/python27: Possible integer overflow and heap corruption in zipimporter (CVE-2016-5636)
Vladimir Krstulja has asked FreeBSD Python for maintainer-feedback:
Bug 210324: lang/python35, lang/python34, lang/python27: Possible integer overflow and heap corruption in zipimporter (CVE-2016-5636)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210324

--- Description ---
Created attachment 171488
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171488&action=edit
VuXML entry for Pythons' vuln CVE-2016-5636

Looks like Python 3.5, 3.4 and 2.7 are vulnerable to CVE-2016-5636.

* Upstream issue: http://bugs.python.org/issue26171
* CVE assignment: http://openwall.com/lists/oss-security/2016/06/16/1

Attached is a vuxml entry patch. Please check it, this is my first vuxml submission. I also have not checked the status/vulnerability of python32 and python33, I am listing the hereby given three versions since that's what the upstream reported and patched.

___
freebsd-python@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-python
To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"
[Bug 210324] lang/python35, lang/python34, lang/python27: Possible integer overflow and heap corruption in zipimporter (CVE-2016-5636)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210324

Vladimir Krstulja changed:

What  | Removed                                  | Added
Flags | maintainer-feedback?(python@FreeBSD.org) |

--- Comment #1 from Vladimir Krstulja ---
Remove accidental extra feedback request.

--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
[Bug 210324] lang/python35, lang/python34, lang/python27: Possible integer overflow and heap corruption in zipimporter (CVE-2016-5636)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210324

Bug ID: 210324
Summary: lang/python35, lang/python34, lang/python27: Possible integer overflow and heap corruption in zipimporter (CVE-2016-5636)
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: http://bugs.python.org/issue26171
OS: Any
Status: New
Keywords: needs-qa, patch, security
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: pyt...@freebsd.org
Reporter: vlad-f...@acheronmedia.com
CC: junovi...@freebsd.org, ports-sect...@freebsd.org, pyt...@freebsd.org
CC: pyt...@freebsd.org
Assignee: pyt...@freebsd.org
Flags: maintainer-feedback?(pyt...@freebsd.org), maintainer-feedback?(pyt...@freebsd.org)

Created attachment 171488
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171488&action=edit
VuXML entry for Pythons' vuln CVE-2016-5636

Looks like Python 3.5, 3.4 and 2.7 are vulnerable to CVE-2016-5636.

* Upstream issue: http://bugs.python.org/issue26171
* CVE assignment: http://openwall.com/lists/oss-security/2016/06/16/1

Attached is a vuxml entry patch. Please check it, this is my first vuxml submission. I also have not checked the status/vulnerability of python32 and python33, I am listing the hereby given three versions since that's what the upstream reported and patched.
maintainer-feedback requested: [Bug 210324] lang/python35, lang/python34, lang/python27: Possible integer overflow and heap corruption in zipimporter (CVE-2016-5636)
Vladimir Krstulja has reassigned Bugzilla Automation's request for maintainer-feedback to FreeBSD Python:
Bug 210324: lang/python35, lang/python34, lang/python27: Possible integer overflow and heap corruption in zipimporter (CVE-2016-5636)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210324

--- Description ---
Created attachment 171488
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171488&action=edit
VuXML entry for Pythons' vuln CVE-2016-5636

Looks like Python 3.5, 3.4 and 2.7 are vulnerable to CVE-2016-5636.

* Upstream issue: http://bugs.python.org/issue26171
* CVE assignment: http://openwall.com/lists/oss-security/2016/06/16/1

Attached is a vuxml entry patch. Please check it, this is my first vuxml submission. I also have not checked the status/vulnerability of python32 and python33, I am listing the hereby given three versions since that's what the upstream reported and patched.
[Bug 210325] lang/python35, lang/python34, lang/python27: Backport patches for CVE-2016-5636
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210325

Bug ID: 210325
Summary: lang/python35, lang/python34, lang/python27: Backport patches for CVE-2016-5636
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: http://bugs.python.org/issue26171
OS: Any
Status: New
Keywords: easy, patch, patch-ready, security
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: pyt...@freebsd.org
Reporter: vlad-f...@acheronmedia.com
CC: junovi...@freebsd.org, ports-sect...@freebsd.org, pyt...@freebsd.org
Attachment #171489 Flags: maintainer-approval?(pyt...@freebsd.org)
Flags: maintainer-feedback?(pyt...@freebsd.org)
Assignee: pyt...@freebsd.org
CC: pyt...@freebsd.org

Created attachment 171489
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171489&action=edit
Patch pythons against CVE-2016-5636

Backported patches for pythons, for CVE-2016-5636. This includes Python 3.5, 3.4 and 2.7 and are upstream patches. I have not tried to apply the fix to 3.3 and 3.2.

Poudriere 10.3-p5 amd64 builds fine.
maintainer-approval requested: [Bug 210325] lang/python35, lang/python34, lang/python27: Backport patches for CVE-2016-5636 : [Attachment 171489] Patch pythons against CVE-2016-5636
Vladimir Krstulja has asked FreeBSD Python for maintainer-approval:
Bug 210325: lang/python35, lang/python34, lang/python27: Backport patches for CVE-2016-5636
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210325

Attachment 171489: Patch pythons against CVE-2016-5636
https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171489&action=edit

--- Description ---
Backported patches for pythons, for CVE-2016-5636. This includes Python 3.5, 3.4 and 2.7 and are upstream patches. I have not tried to apply the fix to 3.3 and 3.2.

Poudriere 10.3-p5 amd64 builds fine.
[Bug 210324] lang/python35, lang/python34, lang/python27: Possible integer overflow and heap corruption in zipimporter (CVE-2016-5636)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210324

Vladimir Krstulja changed:

What     | Removed | Added
See Also |         | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210325
maintainer-feedback requested: [Bug 210325] lang/python35, lang/python34, lang/python27: Backport patches for CVE-2016-5636
Vladimir Krstulja has reassigned Bugzilla Automation's request for maintainer-feedback to FreeBSD Python:
Bug 210325: lang/python35, lang/python34, lang/python27: Backport patches for CVE-2016-5636
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210325

--- Description ---
Created attachment 171489
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171489&action=edit
Patch pythons against CVE-2016-5636

Backported patches for pythons, for CVE-2016-5636. This includes Python 3.5, 3.4 and 2.7 and are upstream patches. I have not tried to apply the fix to 3.3 and 3.2.

Poudriere 10.3-p5 amd64 builds fine.
[Bug 210325] lang/python35, lang/python34, lang/python27: Backport patches for CVE-2016-5636
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210325

--- Comment #1 from Vladimir Krstulja ---
Created attachment 171491
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171491&action=edit
Patch python33 against CVE-2016-5636

This backports the fix to python33 as well. I'm attaching it as separate patch for review because it is not part of upstream. Investigating why that is so, since 3.3 is in security-only mode 'till next year.

Poudriere builds it. Python's test suite passed for 'zipimport'.
[Bug 210325] lang/python35, lang/python34, lang/python33, lang/python27: Backport patches for CVE-2016-5636
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210325

Vladimir Krstulja changed:

What    | Removed | Added
Summary | lang/python35, lang/python34, lang/python27: Backport patches for CVE-2016-5636 | lang/python35, lang/python34, lang/python33, lang/python27: Backport patches for CVE-2016-5636
maintainer-approval requested: [Bug 210325] lang/python35, lang/python34, lang/python33, lang/python27: Backport patches for CVE-2016-5636 : [Attachment 171491] Patch python33 against CVE-2016-5636
Vladimir Krstulja has asked FreeBSD Python for maintainer-approval:
Bug 210325: lang/python35, lang/python34, lang/python33, lang/python27: Backport patches for CVE-2016-5636
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210325

Attachment 171491: Patch python33 against CVE-2016-5636
https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171491&action=edit
[Bug 210325] lang/python35, lang/python34, lang/python33, lang/python27: Backport patches for CVE-2016-5636
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210325

Vladimir Krstulja changed:

What                     | Removed | Added
Attachment #171491 Flags |         | maintainer-approval?(python@FreeBSD.org)