From 93c812d4486237447f07866b5124ba38cbe8e25c426dfca8b4d5aea00a486df1 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 23 Apr 2024 15:53:53 +0000 Subject: [PATCH] - Revert CVE-2022-48560-after-free-heappushpop.patch, the fix was unneeded. - Add CVE-2022-48560-after-free-heappushpop.patch fixing use-after-free in Python via heappushpop in heapq (bsc#1214675, CVE-2022-48560). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=411 --- python-base.changes | 5 +++++ python-doc.changes | 5 +++++ python.changes | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/python-base.changes b/python-base.changes index 8402af4..092c6ec 100644 --- a/python-base.changes +++ b/python-base.changes @@ -4,6 +4,8 @@ Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl - Modify CVE-2023-27043-email-parsing-errors.patch to fix the unicode string handling in email.utils.parseaddr() (bsc#1222537). +- Revert CVE-2022-48560-after-free-heappushpop.patch, the fix was + unneeded. ------------------------------------------------------------------- Mon Mar 18 09:54:20 UTC 2024 - Matej Cepl @@ -24,6 +26,9 @@ Mon Jan 8 10:00:07 UTC 2024 - Daniel Garcia ------------------------------------------------------------------- Mon Nov 27 16:30:33 UTC 2023 - Matej Cepl +- Add CVE-2022-48560-after-free-heappushpop.patch fixing + use-after-free in Python via heappushpop in heapq (bsc#1214675, + CVE-2022-48560). - switch from %patchN style to the %patch -P N one. ------------------------------------------------------------------- diff --git a/python-doc.changes b/python-doc.changes index 8402af4..092c6ec 100644 --- a/python-doc.changes +++ b/python-doc.changes @@ -4,6 +4,8 @@ Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl - Modify CVE-2023-27043-email-parsing-errors.patch to fix the unicode string handling in email.utils.parseaddr() (bsc#1222537). +- Revert CVE-2022-48560-after-free-heappushpop.patch, the fix was + unneeded. ------------------------------------------------------------------- Mon Mar 18 09:54:20 UTC 2024 - Matej Cepl @@ -24,6 +26,9 @@ Mon Jan 8 10:00:07 UTC 2024 - Daniel Garcia ------------------------------------------------------------------- Mon Nov 27 16:30:33 UTC 2023 - Matej Cepl +- Add CVE-2022-48560-after-free-heappushpop.patch fixing + use-after-free in Python via heappushpop in heapq (bsc#1214675, + CVE-2022-48560). - switch from %patchN style to the %patch -P N one. ------------------------------------------------------------------- diff --git a/python.changes b/python.changes index 8402af4..092c6ec 100644 --- a/python.changes +++ b/python.changes @@ -4,6 +4,8 @@ Tue Apr 16 15:39:24 UTC 2024 - Matej Cepl - Modify CVE-2023-27043-email-parsing-errors.patch to fix the unicode string handling in email.utils.parseaddr() (bsc#1222537). +- Revert CVE-2022-48560-after-free-heappushpop.patch, the fix was + unneeded. ------------------------------------------------------------------- Mon Mar 18 09:54:20 UTC 2024 - Matej Cepl @@ -24,6 +26,9 @@ Mon Jan 8 10:00:07 UTC 2024 - Daniel Garcia ------------------------------------------------------------------- Mon Nov 27 16:30:33 UTC 2023 - Matej Cepl +- Add CVE-2022-48560-after-free-heappushpop.patch fixing + use-after-free in Python via heappushpop in heapq (bsc#1214675, + CVE-2022-48560). - switch from %patchN style to the %patch -P N one. -------------------------------------------------------------------