Security fix for CVE-2015-20107

Resolves: rhbz#2075390
2022-06-10 01:10:38 +02:00 · 2022-06-10 01:10:38 +02:00 · face7cd60e
commit face7cd60e
parent 65cf3d711c
2 changed files with 165 additions and 1 deletions
--- a/python3.9.spec
+++ b/python3.9.spec
@ -17,7 +17,7 @@ URL: https://www.python.org/
 #global prerel ...
 %global upstream_version %{general_version}%{?prerel}
 Version: %{general_version}%{?prerel:~%{prerel}}
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: Python


@ -387,6 +387,16 @@ Patch353: 00353-architecture-names-upstream-downstream.patch
 # https://github.com/GrahamDumpleton/mod_wsgi/issues/730
 Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch

+# 00382 # 9e275dcdf3934b827994ecc3247d583d5bab7985
+# CVE-2015-20107
+#
+# Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
+#
+# Upstream: https://github.com/python/cpython/issues/68966
+#
+# Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390
+Patch382: 00382-cve-2015-20107.patch
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -1805,6 +1815,10 @@ CheckPython optimized
 # ======================================================

 %changelog
+* Thu Jun 09 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.13-2
+- Security fix for CVE-2015-20107
+Resolves: rhbz#2075390
+
 * Wed May 18 2022 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.9.13-1
 - Update to 3.9.13