Processed: Re: Bug#882621: stretch-pu: package python2.7/2.7.13-2+deb9u2

2017-11-29 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #882621 [release.debian.org] stretch-pu: package python2.7/2.7.13-2+deb9u2
Added tag(s) pending.

-- 
882621: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882621
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#882621: stretch-pu: package python2.7/2.7.13-2+deb9u2

2017-11-29 Thread Adam D. Barratt

Control: tags -1 + pending

On 2017-11-26 15:25, Moritz Mühlenhoff wrote:
> On Sun, Nov 26, 2017 at 01:52:04PM +, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> >
> > On Fri, 2017-11-24 at 23:18 +0100, Moritz Muehlenhoff wrote:
> > > I'd like to add a fix for a minor security issue in Python 2.7 to the
> > > as a followup update to what's already in spu. debdiff is below.
> > >
> > > This is fixed in unstable in 2.7.13-4.
> >
> > Please go ahead.
>
> Thanks, uploaded.

Flagged for acceptance.

Regards,

Adam



Bug#882621: stretch-pu: package python2.7/2.7.13-2+deb9u2

2017-11-26 Thread Moritz Mühlenhoff
On Sun, Nov 26, 2017 at 01:52:04PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2017-11-24 at 23:18 +0100, Moritz Muehlenhoff wrote:
> > I'd like to add a fix for a minor security issue in Python 2.7 to the
> > as a followup update to what's already in spu. debdiff is below.
> > 
> > This is fixed in unstable in 2.7.13-4.
> 
> Please go ahead.

Thanks, uploaded.

Cheers,
Moritz



Bug#882621: stretch-pu: package python2.7/2.7.13-2+deb9u2

2017-11-26 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2017-11-24 at 23:18 +0100, Moritz Muehlenhoff wrote:
> I'd like to add a fix for a minor security issue in Python 2.7 to the
> as a followup update to what's already in spu. debdiff is below.
> 
> This is fixed in unstable in 2.7.13-4.

Please go ahead.

Regards,

Adam



Processed: Re: Bug#882621: stretch-pu: package python2.7/2.7.13-2+deb9u2

2017-11-26 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #882621 [release.debian.org] stretch-pu: package python2.7/2.7.13-2+deb9u2
Added tag(s) confirmed.

-- 
882621: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882621
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#882621: stretch-pu: package python2.7/2.7.13-2+deb9u2

2017-11-24 Thread Moritz Muehlenhoff
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi,
I'd like to add a fix for a minor security issue in Python 2.7 to the
as a followup update to what's already in spu. debdiff is below.

This is fixed in unstable in 2.7.13-4.

Cheers,
Moritz

diff -u python2.7-2.7.13/debian/changelog python2.7-2.7.13/debian/changelog
--- python2.7-2.7.13/debian/changelog
+++ python2.7-2.7.13/debian/changelog
@@ -1,3 +1,10 @@
+python2.7 (2.7.13-2+deb9u2) stretch; urgency=medium
+
+  * Backport c3c9db89273fabc62ea1b48389d9a3000c1c03ae to address
+CVE-2017-1000158 / https://bugs.python.org/issue30657
+
+ -- Moritz Mühlenhoff   Fri, 24 Nov 2017 18:33:09 +0100
+
 python2.7 (2.7.13-2+deb9u1) stretch; urgency=medium
 
   * Non-maintainer upload with maintainer's permission
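
Review bot: the new 2.7.13-2+deb9u2 entry identifies the fix only by upstream commit hash, CVE number and bug URL, so someone reading the changelog on an installed system cannot tell what was fixed without looking those up. Consider adding a few words taken from the patch subject, for example "integer overflow in PyString_DecodeEscape", to the bullet.
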
diff -u python2.7-2.7.13/debian/patches/series.in 
python2.7-2.7.13/debian/patches/series.in
--- python2.7-2.7.13/debian/patches/series.in
+++ python2.7-2.7.13/debian/patches/series.in
@@ -72,0 +73 @@
+CVE-2017-1000158.diff
only in patch2:
unchanged:
--- python2.7-2.7.13.orig/debian/patches/CVE-2017-1000158.diff
+++ python2.7-2.7.13/debian/patches/CVE-2017-1000158.diff
@@ -0,0 +1,29 @@
+From c3c9db89273fabc62ea1b48389d9a3000c1c03ae Mon Sep 17 00:00:00 2001
+From: Jay Bosamiya 
+Date: Sun, 18 Jun 2017 22:11:03 +0530
+Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in
+ PyString_DecodeEscape (#2174)
+
+---
+ Objects/stringobject.c | 8 +++-
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/Objects/stringobject.c b/Objects/stringobject.c
+index c78e19316a0..59d22e76946 100644
+--- a/Objects/stringobject.c
 b/Objects/stringobject.c
+@@ -612,7 +612,13 @@ PyObject *PyString_DecodeEscape(const char *s,
+ char *p, *buf;
+ const char *end;
+ PyObject *v;
+-Py_ssize_t newlen = recode_encoding ? 4*len:len;
++Py_ssize_t newlen;
++/* Check for integer overflow */
++if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
++PyErr_SetString(PyExc_OverflowError, "string is too large");
++return NULL;
++}
++newlen = recode_encoding ? 4*len:len;
+ v = PyString_FromStringAndSize((char *)NULL, newlen);
+ if (v == NULL)
+ return NULL;
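
Review bot: the header of the embedded patch says "3 files changed, 11 insertions(+), 1 deletion(-)", but the only file listed and the only diff carried is Objects/stringobject.c, so the diffstat does not match what debian/patches/CVE-2017-1000158.diff applies. Either correct the diffstat or add a line to the patch description saying that only the stringobject.c part of the upstream commit was taken. The guard itself, `len > PY_SSIZE_T_MAX / 4` evaluated before `4*len` and only when recode_encoding is set, is placed correctly ahead of the PyString_FromStringAndSize allocation; no test for the OverflowError path is included in this patch, so a note on how the backport was verified would help.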