python-pip-1.3.1-4.fc19 security update
Date Submitted: 2013-07-17 06:14:48
Date Released: 2013-07-18 02:32:53

Fix potential DoS with specially crafted malicious SSL certs. Backing out rename of pip binary to fix #958377 and updating package summary to match upstream's description.

Bugs Fixed
963260 - CVE-2013-2098: CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
970110 - CVE-2013-2099: python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [fedora-all]
958377 - Fedora's python-pip package does not provide /usr/bin/pip

bodhi - 2013-07-17 06:15:13
This update has been submitted for testing by toshio.

autoqa - 2013-07-17 06:46:29
AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/wsyb (results are informative only)

pbrady - 2013-07-17 10:59:18
It looks like you didn't remove the python-pip binary rename. This is probably the right thing to do here, but the description above should be adjusted I think to not mention the rename of the pip binary. Getting this rename included will get us out of the awkward situation with "pip" being available on F18 now but not F19.

toshio - 2013-07-17 16:45:11
I'm sorry -- I don't quite understand your comment? The removal of the binary rename was done in 1.3.1-3. Unfortunately, that wasn't pushed to stable before I submitted this security update. So now it needs to wait for this package to be pushed to stable. This package version (1.3.1-4) includes /usr/bin/pip. So it should match with what's in F18 once it goes to stable.

pbrady - 2013-07-17 16:52:19
I understand the description now. I thought you added that you were "backing out the rename" change, when that comment was in fact already present and referenced the original pip rename :)

autoqa - 2013-07-17 16:52:50
AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/wu8e (results are informative only)

bodhi - 2013-07-17 17:38:03
This update is currently being pushed to the Fedora 19 testing updates repository.

bodhi - 2013-07-18 05:43:46
This update has been pushed to testing

misc (proventesters) - 2013-07-21 08:57:02
pip list and pip install run fine

bodhi - 2013-07-25 10:07:17
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

pbrady - 2013-07-25 11:39:24
please push this so pip is available in F19 as it's already in F18. thanks

bodhi - 2013-07-25 15:19:55
This update has been submitted for stable by toshio.

bodhi - 2013-07-25 16:11:05
This update is currently being pushed to the Fedora 19 stable updates repository.

bodhi - 2013-07-26 00:26:58
This update has been pushed to stable