python security and bug fix update

ID ELSA-2017-1868
Type oraclelinux
Reporter Oracle
Modified 2017-08-07T00:00:00


[2.7.5-58.0.1] - Add Oracle Linux distribution in [orabug 20812544] [2.7.5-58] - Set stream to None in case an _open() fails. Resolves: rhbz#1432003 [2.7.5-57] - Fix implicit declaration warnings of functions added by patches 147 and 265 Resolves: rhbz#1441237 [2.7.5-56] - Fix shutil.make_archive ignoring empty directories when creating zip files Resolves: rhbz#1439734 [2.7.5-55] - Update Python RPM macros with new ones from EPEL7 to simplify packaging Resolves: rhbz#1297522 [2.7.5-54] - Protect key list during fork() Resolves: rhbz#1268226 [2.7.5-53] - Fix _ssl.c reference leaks Resolves: rhbz#1272562 [2.7.5-52] - Workaround Python's threading library issue with non returning wait, for signals with timeout Resolves: rhbz#1368076 [2.7.5-51] - Enable certificate verification by default Resolves: rhbz#1219110 [2.7.5-50] - Fix incorrect parsing of certain regular expressions Resolves: rhbz#1373363 [2.7.5-49] - Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs Resolves: rhbz#1364444 [2.7.5-48] - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz#1359164 [2.7.5-47] - Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.get_data() Resolves: rhbz#1356364 [2.7.5-46] - Drop patch 221 that backported sslwrap function since it was introducing regressions - Refactor patch 227 Resolves: rhbz#1331425 [2.7.5-45] - Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647) Raise an error when STARTTLS fails (upstream patch) - Fix for CVE-2016-5699 python: http protocol steam injection attack (rhbz#1303699) Disabled HTTP header injections in httplib (upstream patch) Resolves: rhbz#1346357 [2.7.5-44] - Fix iteration over files with very long lines Resolves: rhbz#1271760 [2.7.5-43] - Move python.conf from /etc/tmpfiles.d/ to /usr/lib/tmpfiles.d/ Resolves: rhbz#1288426 [2.7.5-42] - JSON decoder lone surrogates fix Resolves: rhbz#1301017 [2.7.5-41] - Updated PEP493 implementation Resolves: rhbz#1315758 [2.7.5-40] - Backport of Computed Goto dispatch Resolves: rhbz#1289277