The following builds have been pushed to Fedora EPEL 7 updates-testing
pyicu-2.9-4.el7
python3-flask-1.1.4-1.el7
python3-werkzeug-1.0.1-2.el7
Details about builds:
================================================================================
pyicu-2.9-4.el7 (FEDORA-EPEL-2023-e2b1bcad07)
Python extension wrapping the ICU C++ libraries
--------------------------------------------------------------------------------
Update Information:
Provides fix
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 29 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 2.9-4
- Add explicit python36-pyicu provides
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2234801 - Missing dependencies for gramps
https://bugzilla.redhat.com/show_bug.cgi?id=2234801
--------------------------------------------------------------------------------
================================================================================
python3-flask-1.1.4-1.el7 (FEDORA-EPEL-2023-2b99803700)
Micro-framework for Python based on Werkzeug, Jinja 2 and good intentions
--------------------------------------------------------------------------------
Update Information:
- Update to version 1.1.4 - Rename python36-flask to python3-flask - Backport
patch for CVE-2023-30861 - Run test suite in %check
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 29 2023 Carl George <carlwgeorge(a)fedoraproject.org> - 1.1.4-1
- Update to version 1.1.4
- Rename python36-flask to python3-flask
- Backport patch for CVE-2023-30861, resolves rhbz#2196676
- Run test suite in %check
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2196676 - CVE-2023-30861 python3-flask: flask: Possible disclosure of
permanent session cookie due to missing Vary: Cookie header [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2196676
--------------------------------------------------------------------------------
================================================================================
python3-werkzeug-1.0.1-2.el7 (FEDORA-EPEL-2023-f73923f479)
Comprehensive WSGI web application library
--------------------------------------------------------------------------------
Update Information:
- Rename python36-werkzeug to python3-werkzeug - Backport patch for
CVE-2023-25577 - Backport patch for CVE-2023-23934 - Run test suite in %check
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 28 2023 Carl George <carlwgeorge(a)fedoraproject.org> - 1.0.1-2
- Rename python36-werkzeug to python3-werkzeug
- Backport patch for CVE-2023-25577, resolves rhbz#2170246
- Backport patch for CVE-2023-23934, resolves rhbz#2170247
- Run test suite in %check
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2170246 - CVE-2023-25577 python3-werkzeug: python-werkzeug: high resource
usage when parsing multipart form data with many fields [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2170246
[ 2 ] Bug #2170247 - CVE-2023-23934 python3-werkzeug: python-werkzeug: cookie prefixed
with = can shadow unprefixed cookie [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2170247
--------------------------------------------------------------------------------