| Summary: | python3 new security issues fixed upstream in 3.7.6 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, sysadmin-bugs, tarazed25 |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | python3-3.7.5-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-01-15 18:40:49 CET
Assigning to the Python stack maintainers (no registered individual for this SRPM). Assignee:
bugsquad =>
python Updated package uploaded by David Geiger. Advisory: ======================== Updated python3 packages fix security vulnerabilities: The python3 package has been updated to version 3.7.6, which fixes security issues and other bugs. See the upstream changelog for details. References: https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-6-final ======================== Updated packages in core/updates_testing: ======================== python3-3.7.6-1.mga7 libpython3.7-3.7.6-1.mga7 libpython3.7-stdlib-3.7.6-1.mga7 libpython3.7-testsuite-3.7.6-1.mga7 libpython3-devel-3.7.6-1.mga7 python3-docs-3.7.6-1.mga7 tkinter3-3.7.6-1.mga7 tkinter3-apps-3.7.6-1.mga7 from python3-3.7.6-1.mga7.src.rpm Summary:
python new security issues fixed upstream in 3.7.6 =>
python3 new security issues fixed upstream in 3.7.6 Mageia7, x86_64 Clean update of all eight packages. There are many applications based on or needing python at some stage, 2012 for lib64python3.7 alone: .... alien anjuta anki ansible .... blender, kodi, youtube-dl, zinc. Not going there. Could not find any leads on testsuite. It may well be a self-test collection for packagers which from previous experience could involve a test harness framework inaccessible to QA testers. So hello-world type scripts must suffice for testing. $ python3 eratosthenes.py [...] q = 283 q = 293 Returns the first 62 prime numbers. The script can be cut and pasted into an interactive session and works just as well. $ python3 Python 3.7.6 (default, Jan 21 2020, 20:43:18) [GCC 8.3.1 20190524] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import itertools >>> >>> def eratosthenes( max ): ... '''Yields the sequence of prime numbers via the Sieve of Eratosthenes.''' ... D = { } # map each composite integer to its first-found prime factor ... for q in itertools.count( ): # q gets 2, 3, 4, 5, ... ad infinitum ... p = D.pop( q, None ) ... if p is None: ... # q not a key in D, so q is prime ... # mark q squared as not-prime (with q as first-found prime factor) ... if q > 1: ... print( "q = %d" % q ) ... D[q*q] = q ... else: ... # let x <- smallest (N*p)+q which wasn't yet known to be composite ... # we just learned x is composite, with p first-found prime factor, ... # since p is the first-found prime factor of q -- find and mark it ... x = p + q ... while x in D: ... x += p ... if q > max: ... return( 0 ) ... D[x] = p ... >>> eratosthenes( 300 ) q = 2 q = 3 [...] q = 281 q = 283 q = 293 0 >>> exit( ) $ $ python3 button.py This generated a popup with "hello" and "quit" buttons, which worked. $ python3 fibonacci.py Fibonacci series for first 13 terms 0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233 The tenth term is 34 [0, 1, 1, 2, 3, 5, 8, 13, 21, 34] So, basic arithmetic and functionality is demonstrated. Letting the update go. Whiteboard:
(none) =>
MGA7-64-OK Validating. Advisory in Comment 2. CC:
(none) =>
andrewsfarm, sysadmin-bugs
Lewis Smith
2020-01-27 20:40:29 CET
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0055.html Status:
NEW =>
RESOLVED |