python-pip-1.3.1-4.fc19 security update
Status: stable
Release: Fedora 19
Update ID: FEDORA-2013-13216
Builds: python-pip-1.3.1-4.fc19
Pushed: True
Date Submitted: 2013-07-17 06:14:48
Date Released: 2013-07-18 02:32:53
Submitter: toshio
Karma: 2
Stable karma: 3
Unstable karma: -3
Details

Fix potential DOS with specially crafted malicious SSL certs. Backing out rename of pip binary to fix #958377 and updating package summary to match upstream's description.

Bugs Fixed
963260 - CVE-2013-2098: CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
970110 - CVE-2013-2099: python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [fedora-all]
958377 - Fedora's python-pip package does not provide /usr/bin/pip
Feedback
bodhi - 2013-07-17 06:15:13
This update has been submitted for testing by toshio.
autoqa - 2013-07-17 06:46:29
AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/wsyb (results are informative only)
pbrady - 2013-07-17 10:59:18
It looks like you didn't remove the python-pip binary rename. This is probably the right thing to do here, but the description above should be adjusted I think to not mention the rename of the pip binary. Getting this rename included will get us out of the awkward situation with "pip" being available on F18 now but not F19
toshio - 2013-07-17 16:45:11
I'm sorry -- I don't quite understand your comment? The removal of the binary rename was done in 1.3.1-3. Unfortunately, that wasn't pushed to stable before I submitted this security update. So now it needs to wait for this package to be pushed to stable. This package version (1.3.1-4) includes /usr/bin/pip. So it should match with what's in F18 once it goes to stable.
pbrady - 2013-07-17 16:52:19
I understand the description now. I thought you added that you were "backing out the rename" change, when that comment was in fact already present and referenced the original pip rename :)
autoqa - 2013-07-17 16:52:50
AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/wu8e (results are informative only)
bodhi - 2013-07-17 17:38:03
This update is currently being pushed to the Fedora 19 testing updates repository.
bodhi - 2013-07-18 05:43:46
This update has been pushed to testing
misc (proventesters) - 2013-07-21 08:57:02
pip list and pip install run fine
bodhi - 2013-07-25 10:07:17
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
pbrady - 2013-07-25 11:39:24
please push this so pip is available in F19 as it's already in F18. thanks
bodhi - 2013-07-25 15:19:55
This update has been submitted for stable by toshio.
bodhi - 2013-07-25 16:11:05
This update is currently being pushed to the Fedora 19 stable updates repository.
bodhi - 2013-07-26 00:26:58
This update has been pushed to stable
