Bug 15747

Summary: python-httplib2 new security issue CVE-2013-2037
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Philippe Makowski <makowski.mageia>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/550453/
Whiteboard:
Source RPM: python-httplib2-0.9-5.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-04-22 18:10:32 CEST 
+++ This bug was initially created as a clone of Bug #10055 +++

Philippe, in Cauldron, you removed the patch for this CVE when you updated to 0.9:
http://svnweb.mageia.org/packages/cauldron/python-httplib2/current/SPECS/python-httplib2.spec?r1=628709&r2=661707

Fedora has added back this patch and a couple other fixes for 0.9 here:
http://pkgs.fedoraproject.org/cgit/python-httplib2.git/commit/?h=f22&id=2ddc623a079376dc8ad24b2b5153919a8a724686

We should sync those patches into Cauldron.
Comment 1 David Walser 2015-04-22 18:11:19 CEST 
Here's the advisory associated with the Fedora update:
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154921.html
Comment 2 Philippe Makowski 2015-04-22 23:26:35 CEST 
Freeze push asked
Comment 3 David Walser 2015-04-24 16:51:02 CEST 
python-httplib2-0.9-6.mga5 uploaded for Cauldron.  Thanks Philippe!

Status: NEW => RESOLVED
Resolution: (none) => FIXED