Ubuntu has issued advisories on November 28: https://usn.ubuntu.com/usn/usn-3496-1/ https://usn.ubuntu.com/usn/usn-3496-3/ Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
CC'ing all packagers collectively, in case philippem's still unavailable.
CC: (none) => marja11, pkg-bugs
Helpful links regarding this : Link to discussion regarding this bug, contains the patches as well: https://bugs.python.org/issue30657
CC: (none) => jackal.j
QA Contact: (none) => securityComponent: RPM Packages => Security
Advisory: ======================== Updated python, python3 packages fix security vulnerability: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code (CVE-2017-1000158). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158 https://usn.ubuntu.com/usn/usn-3496-1/ https://usn.ubuntu.com/usn/usn-3496-3/ ======================== Updated packages in core/updates_testing: ======================== python-2.7.9-2.5.mga5 libpython2.7-2.7.9-2.5.mga5 libpython-devel-2.7.9-2.5.mga5 python-docs-2.7.9-2.5.mga5 tkinter-2.7.9-2.5.mga5 tkinter-apps-2.7.9-2.5.mga5 python3-3.4.3-1.6.mga5 libpython3.4-3.4.3-1.6.mga5 libpython3-devel-3.4.3-1.6.mga5 python3-docs-3.4.3-1.6.mga5 tkinter3-3.4.3-1.6.mga5 tkinter3-apps-3.4.3-1.6.mga5 python-2.7.13-1.1.mga6 libpython2.7-2.7.13-1.1.mga6 libpython2.7-stdlib-2.7.13-1.1.mga6 libpython2.7-testsuite-2.7.13-1.1.mga6 libpython-devel-2.7.13-1.1.mga6 python-docs-2.7.13-1.1.mga6 tkinter-2.7.13-1.1.mga6 tkinter-apps-2.7.13-1.1.mga6 python3-3.5.3-1.1.mga6 libpython3.5-3.5.3-1.1.mga6 libpython3.5-stdlib-3.5.3-1.1.mga6 libpython3.5-testsuite-3.5.3-1.1.mga6 libpython3-devel-3.5.3-1.1.mga6 python3-docs-3.5.3-1.1.mga6 tkinter3-3.5.3-1.1.mga6 tkinter3-apps-3.5.3-1.1.mga6 from SRPMS: python-2.7.9-2.5.mga5.src.rpm python3-3.4.3-1.6.mga5.src.rpm python-2.7.13-1.1.mga6.src.rpm python3-3.5.3-1.1.mga6.src.rpm
Version: Cauldron => 6CC: pkg-bugs => makowski.mageiaAssignee: makowski.mageia => qa-bugsWhiteboard: MGA6TOO, MGA5TOO => MGA5TOO
CC: (none) => davidwhodginsKeywords: (none) => advisory
Mageia 6 :: x86-64 Updated python packages. Installed python-ply. As root: # python /usr/share/doc/python-ply/example/calc/calc.py Generating LALR tables calc > a=2 calc > b=47 calc > a*b 94 As user: $ cd /usr/share/doc/python-ply/test $ python testlex.py .F..FFFE.................................. ---------------------------------------------------------------------- Ran 42 tests in 0.179s FAILED (failures=4, errors=1) If run under root all 42 tests succeed. The user failures are to do with access permissions. # python testlex.py .......................................... ---------------------------------------------------------------------- Ran 42 tests in 0.365s OK # python testyacc.py .......................................... ---------------------------------------------------------------------- Ran 42 tests in 0.077s OK Installed python3-ply. As root: # cd /usr/share/doc/python3-ply/test # python3 testlex.py .......................................... ---------------------------------------------------------------------- Ran 42 tests in 0.476s OK # python3 testyacc.py .......................................... ---------------------------------------------------------------------- Ran 42 tests in 0.097s OK Hoping this is sufficient for an OK in our straitened circumstances.
CC: (none) => tarazed25Whiteboard: MGA5TOO => MGA5TOO exit
Whiteboard: MGA5TOO exit => MGA5TOO MGA6-64-OK
Withdrawing the OK because tkinter has not been tested.
Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO
There are web guides for tkinter programmers at file:///usr/share/doc/python3-docs/library/tkinter.html and file:///usr/share/doc/python-docs/library/tkinter.html and also for tkinter.ttk (Tk themed widgets - an unfinished project). Have not been able to track down the tkinter(3)-apps. python-ply/example has several python scripts but none of them use tk. I downloaded a graphical tkinter example but foundered on the imported modules. matplotlib can be installed from an rpm but I have no recent experience with using pip or python-pip (aka so long ago it has been forgotten). For python as a whole the library/test.html document indicates that regression tests can be executed using the built in test suite. $ python -m test.regrtest 357 tests OK This runs through a series of 401 tests, which take a while and keeps a running total of the failures. 4 tests failed and 39 were skipped for various reasons like 'for BSD only' or 'requires loads of disk space and a long time to run'. Note that this test is quoted in python3 documentation. It does not work for python3. Continuing the search for tkinter-apps.
Note that this update doesn't affect tkinter.
Re comment 7: Good to know - I should have realized that. Thanks. Anyway I found a helloworld script on another machine that works with tkinter. Reinstating the 64-bit OK.
Whiteboard: MGA5TOO => MGA5TOO MGA6-64-OK
Mageia 5 :: x86_64 Updated all packages and installed {python,python3}-ply. $ cd /usr/share/doc/python-ply/example As root: # python calc/calc.py Generating LALR tables calc > a = 71 calc > b = 44 calc > a*b 3124 calc > x = a*b calc > x/2 1562 calc > x/22 142 Ran calc.py in python3-ply to perform similar calculations. # cd ../test # python testlex.py .......................................... ---------------------------------------------------------------------- Ran 42 tests in 0.292s OK # python testyacc.py ................................ ---------------------------------------------------------------------- Ran 32 tests in 0.045s OK Running python3 against the test scripts in python3-ply returned similar results. Installed python-imaging-tk. Back to user. Ran a helloworld script with a two button gui. That worked fine, buttons responded and a dummy gui window was launched with entry fields and checkbuttons but no callbacks. Converted a local JPEG file to a photoimage. Still in development but it works with python. Calling time on this one. OK.
Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO MGA6-64-OK MGA5-64-OK
Super work, Len. This bug can be a reference for future Python testing. Do you want to attach the "Hello World" script for tkinter - which pops up from time to time? Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Re comment 10: The original script was childishly simple but I can attach it - maybe next year ;-)
Created attachment 9871 [details] Basic hello world script for tkinter Just hello goodbye for python 2
Created attachment 9872 [details] Hello World type script for tkinter with python 3 Main differences from 2.7 are: #!/bin/env python -> #!/bin/env python3 Tkinter -> tkinter print "string" => print( "string" )
Created attachment 9873 [details] Hello World script for tkinter with python 3 Added a few comments for complete beginners.
Attachment 9872 is obsolete: 0 => 1
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0004.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED