[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang/python24
Module Name: pkgsrc
Committed By: obache
Date: Sat Apr 23 08:53:53 UTC 2011
pkgsrc/lang/python24: Makefile PLIST.common dist.mk distinfo
pkgsrc/lang/python24/patches: patch-au patch-ba patch-bb patch-bc
patch-bd patch-be patch-bf patch-bg patch-bh patch-bi patch-bj
patch-bk patch-bl patch-bm
Update python24 to 2.4.6.
What's New in Python 2.4.6?
*Release date: 19-Dec-2008*
What's New in Python 2.4.6c1?
*Release date: 13-Dec-2008*
Core and builtins
- Issue #4469: Prevent expandtabs() on string and unicode
objects from causing a segfault when a large width is passed
on 32-bit platforms. CVE-2008-5031.
- Issue #4317: Fixed a crash in the imageop.rgb2rgb8() function.
- Issue #4230: Fix a crash when a class has a custom __getattr__ and an
__getattribute__ method that deletes the __getattr__ attribute.
- Apply security patches from Apple. CVE-2008-2315.
- Issue #2620: Overflow checking when allocating or reallocating memory
was not always being done properly in some python types and extension
modules. PyMem_MALLOC, PyMem_REALLOC, PyMem_NEW and PyMem_RESIZE have
all been updated to perform better checks and places in the code that
would previously leak memory on the error path when such an allocation
failed have been fixed.
- Issue #1179: Fix CVE-2007-4965 and CVE-2008-1679, multiple integer
overflows in the imageop and rgbimgmodule modules.
- Issue #2586: Fix CVE-2008-1721, zlib crash from
zlib.decompressobj().flush(val) when val is not positive.
- Issues #2588, #2589: Fix potential integer underflow and overflow
conditions in the PyOS_vsnprintf C API function. CVE-2008-3144.
- Issue #2587: In the C API, PyString_FromStringAndSize() takes a signed size
parameter but was not verifying that it was greater than zero. Values
less than zero will now raise a SystemError and return NULL to indicate a
bug in the calling C code. CVE-2008-1887.
- Security Issue #2: imageop did not validate arguments correctly and could
segfault as a result. CVE-2008-4864.
- Tools/faqwiz/move-faqwiz.sh: Fix unsecure use of temporary files.
To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.56 pkgsrc/lang/python24/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/python24/PLIST.common
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/python24/dist.mk
cvs rdiff -u -r1.33 -r1.34 pkgsrc/lang/python24/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/python24/patches/patch-aq
cvs rdiff -u -r1.1 -r0 pkgsrc/lang/python24/patches/patch-au \
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Main Index |
Thread Index |