From 72eb37a32719bb905820c23684d8ebea6e33b6fcb3da40c5a575a32a71a6d97a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20S=C3=BAkup?= Date: Thu, 19 Mar 2020 07:24:11 +0000 Subject: [PATCH 1/2] - update to 5.3.1 * Prevents arbitrary code execution during python/object/new constructor OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-PyYAML?expand=0&rev=37 --- PyYAML-5.3.1.tar.gz | 3 +++ PyYAML-5.3.tar.gz | 3 --- python-PyYAML.changes | 6 ++++++ python-PyYAML.spec | 2 +- 4 files changed, 10 insertions(+), 4 deletions(-) create mode 100644 PyYAML-5.3.1.tar.gz delete mode 100644 PyYAML-5.3.tar.gz diff --git a/PyYAML-5.3.1.tar.gz b/PyYAML-5.3.1.tar.gz new file mode 100644 index 0000000..bfe3bd8 --- /dev/null +++ b/PyYAML-5.3.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d +size 269377 diff --git a/PyYAML-5.3.tar.gz b/PyYAML-5.3.tar.gz deleted file mode 100644 index 796dac2..0000000 --- a/PyYAML-5.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e9f45bd5b92c7974e59bcd2dcc8631a6b6cc380a904725fce7bc08872e691615 -size 268214 diff --git a/python-PyYAML.changes b/python-PyYAML.changes index ec51b13..56260cd 100644 --- a/python-PyYAML.changes +++ b/python-PyYAML.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Mar 19 07:23:23 UTC 2020 - Ondřej Súkup + +- update to 5.3.1 + * Prevents arbitrary code execution during python/object/new constructor + ------------------------------------------------------------------- Tue Jan 7 09:55:39 UTC 2020 - Ondřej Súkup diff --git a/python-PyYAML.spec b/python-PyYAML.spec index 4325d8e..777ae24 100644 --- a/python-PyYAML.spec +++ b/python-PyYAML.spec @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define oldpython python Name: python-PyYAML -Version: 5.3 +Version: 5.3.1 Release: 0 Summary: YAML parser and emitter for Python License: MIT From a4adf00dce5aee8fd78164799e327e7ca956a6efca4293fd9d48be92aa698baf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20S=C3=BAkup?= Date: Thu, 19 Mar 2020 07:25:28 +0000 Subject: [PATCH 2/2] * fixes boo#1165439 (cve-2020-1747) Prevents arbitrary code execution during python/object/new constructor OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-PyYAML?expand=0&rev=38 --- python-PyYAML.changes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python-PyYAML.changes b/python-PyYAML.changes index 56260cd..8bdc0ce 100644 --- a/python-PyYAML.changes +++ b/python-PyYAML.changes @@ -2,7 +2,8 @@ Thu Mar 19 07:23:23 UTC 2020 - Ondřej Súkup - update to 5.3.1 - * Prevents arbitrary code execution during python/object/new constructor + * fixes boo#1165439 (cve-2020-1747) Prevents arbitrary code execution + during python/object/new constructor ------------------------------------------------------------------- Tue Jan 7 09:55:39 UTC 2020 - Ondřej Súkup