Accepting request 736435 from home:mcepl:branches:devel:languages:python:Factory

- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py OBS-URL: https://build.opensuse.org/request/show/736435 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=253
2019-10-09 10:17:50 +00:00
parent e4bf1a5dfb
commit f5ffed7eba
5 changed files with 97 additions and 0 deletions
--- a/python-base.spec
+++ b/python-base.spec
@@ -86,6 +86,9 @@ Patch53:        CVE-2019-9947-no-ctrl-char-http.patch
 Patch54:        CVE-2018-20852-cookie-domain-check.patch
 # PATCH-FIX-UPSTREAM https://github.com/python/cpython/pull/12341
 Patch55:        bpo36302-sort-module-sources.patch
+# PATCH-FIX-UPSTREAM CVE-2019-16935-xmlrpc-doc-server_title.patch bsc#1153238 mcepl@suse.com
+# XSS vulnerability in the documentation XML-RPC server in server_title field
+Patch56:        CVE-2019-16935-xmlrpc-doc-server_title.patch
 # COMMON-PATCH-END
 %define         python_version    %(echo %{tarversion} | head -c 3)
 BuildRequires:  automake
@@ -202,6 +205,7 @@ other applications.
 %patch53 -p1
 %patch54 -p1
 %patch55 -p1
+%patch56 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac