
Security vulnerabilities in the python software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2020-e0f35d634c
2020-10-23 22:01:02.257497
——————————————————————————–

Name : python-bleach
Product : Fedora 33
Version : 3.2.1
Release : 1.fc33
URL : https://github.com/mozilla/bleach
Summary : An easy whitelist-based HTML-sanitizing tool
Description :
Bleach is an HTML sanitizing library that escapes or strips markup and
attributes based on a white list.

——————————————————————————–
Update Information:

update to 3.2.1 (rhbz#1829635)
——————————————————————————–
ChangeLog:

* Mon Oct 5 2020 Matthias Runge <mrunge@redhat.com> – 3.2.1-1
– update to 3.2.1 (rhbz#1829635)
– fix ftbfs (1863709)
– fix CVE-2020-6816 (rhbz#1827493)
* Sat Aug 1 2020 Fedora Release Engineering <releng@fedoraproject.org> – 3.1.4-5
– Second attempt – Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> – 3.1.4-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
——————————————————————————–
References:

[ 1 ] Bug #1827493 – CVE-2020-6816 python-bleach: Mutation cross-site scripting in bleach.clean [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1827493
[ 2 ] Bug #1829635 – python-bleach-3.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1829635
[ 3 ] Bug #1863709 – python-bleach: FTBFS in Fedora rawhide/f33
https://bugzilla.redhat.com/show_bug.cgi?id=1863709
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-e0f35d634c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-e22e9a655d
2020-10-23 22:01:02.257874
——————————————————————————–

Name : python-msldap
Product : Fedora 33
Version : 0.3.15
Release : 1.fc33
URL : https://github.com/skelsec/msldap
Summary : Python library to play with MS LDAP
Description :
Python library to play with MS LDAP.

——————————————————————————–
Update Information:

Update to latest upstream release 0.3.15 (#1885156)
——————————————————————————–
ChangeLog:

* Mon Oct 5 2020 Fabian Affolter <mail@fabian-affolter.ch> – 0.3.15-1
– Update to latest upstream release 0.3.15 (#1885156)
——————————————————————————–
References:

[ 1 ] Bug #1555156 – CVE-2018-7728 CVE-2018-7729 CVE-2018-7730 CVE-2018-7731 exempi: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1555156
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-e22e9a655d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

——————————————————————————–
Fedora Update Notification
FEDORA-2020-972ad7c8a8
2020-10-23 22:01:02.259755
——————————————————————————–

Name : python-PyMuPDF
Product : Fedora 33
Version : 1.18.0
Release : 1.fc33
URL : https://github.com/pymupdf/PyMuPDF
Summary : Python binding for MuPDF – a lightweight PDF and XPS viewer
Description :
This is PyMuPDF, a Python binding for MuPDF – a lightweight PDF and XPS
viewer. MuPDF can access files in PDF, XPS, OpenXPS, epub, comic and fiction
book formats, and it is known for its top performance and high rendering
quality. With PyMuPDF you therefore can also access files with extensions
*.pdf, *.xps, *.oxps, *.epub, *.cbz or *.fb2 from your Python scripts.

——————————————————————————–
Update Information:

mupdf 1.18.0 and depending packages
——————————————————————————–
ChangeLog:

* Thu Oct 8 2020 Michael J Gruber <mjg@fedoraproject.org> – 1.18.0-1
– Update to new upstream release 1.18.0
——————————————————————————–
References:

[ 1 ] Bug #1886338 – CVE-2020-26519 mupdf: heap based buffer over-write when parsing JBIG2 files allows DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1886338
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-972ad7c8a8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

——————————————————————————–
Fedora Update Notification
FEDORA-2020-3cea1ac8f3
2020-10-25 01:19:04.801088
——————————————————————————–

Name : python-PyMuPDF
Product : Fedora 32
Version : 1.18.0
Release : 1.fc32
URL : https://github.com/pymupdf/PyMuPDF
Summary : Python binding for MuPDF – a lightweight PDF and XPS viewer
Description :
This is PyMuPDF, a Python binding for MuPDF – a lightweight PDF and XPS
viewer. MuPDF can access files in PDF, XPS, OpenXPS, epub, comic and fiction
book formats, and it is known for its top performance and high rendering
quality. With PyMuPDF you therefore can also access files with extensions
*.pdf, *.xps, *.oxps, *.epub, *.cbz or *.fb2 from your Python scripts.

——————————————————————————–
Update Information:

mupdf 1.18.0 and depending packages
——————————————————————————–
ChangeLog:

* Thu Oct 8 2020 Michael J Gruber <mjg@fedoraproject.org> – 1.18.0-1
– Update to new upstream release 1.18.0
——————————————————————————–
References:

[ 1 ] Bug #1886338 – CVE-2020-26519 mupdf: heap based buffer over-write when parsing JBIG2 files allows DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1886338
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-3cea1ac8f3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

Author: Bruno Varga
Cert id: NCERT-REF-2020-10-0001-ADV
Cve: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe