Bug 15747 - python-httplib2 new security issue CVE-2013-2037
Summary: python-httplib2 new security issue CVE-2013-2037
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Philippe Makowski
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/550453/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-22 18:10 CEST by David Walser
Modified: 2015-04-24 16:51 CEST (History)
0 users

See Also:
Source RPM: python-httplib2-0.9-5.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-04-22 18:10:32 CEST 
+++ This bug was initially created as a clone of Bug #10055 +++

Philippe, in Cauldron, you removed the patch for this CVE when you updated to 0.9:
http://svnweb.mageia.org/packages/cauldron/python-httplib2/current/SPECS/python-httplib2.spec?r1=628709&r2=661707

Fedora has added back this patch and a couple other fixes for 0.9 here:
http://pkgs.fedoraproject.org/cgit/python-httplib2.git/commit/?h=f22&id=2ddc623a079376dc8ad24b2b5153919a8a724686

We should sync those patches into Cauldron.
Comment 1 David Walser 2015-04-22 18:11:19 CEST 
Here's the advisory associated with the Fedora update:
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154921.html
Comment 2 Philippe Makowski 2015-04-22 23:26:35 CEST 
Freeze push asked
Comment 3 David Walser 2015-04-24 16:51:02 CEST 
python-httplib2-0.9-6.mga5 uploaded for Cauldron.  Thanks Philippe!

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.