Fedora Linux 8812 Published by

A python3-typed_ast security update has been released for Fedora 30.



--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-9b3dabc21c
2020-03-14 00:24:43.758886
--------------------------------------------------------------------------------

Name : python3-typed_ast
Product : Fedora 30
Version : 1.4.0
Release : 2.fc30
URL :   https://github.com/python/typed_ast
Summary : A fork of the ast module with type annotations
Description :
A fork of the ast module with type annotations. This package is based on the ast modules from Python 2 and 3,
and has been extended with support for type comments and type annotations
as supported in Python 3.6.

--------------------------------------------------------------------------------
Update Information:

Fixes for CVE-2019-19274 and CVE-2019-19275
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 26 2019 Fedora Release Engineering - 1.4.0-2
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jun 11 2019 Gwyn Ciesla - 1.4.0-1
- 1.4.0.
* Wed May 15 2019 Gwyn Ciesla - 1.3.5-1
- 1.3.5.
* Tue May 14 2019 Gwyn Ciesla - 1.3.1-2
- Fix 3.8 FTBFS.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1810594 - CVE-2019-19274 python3-typed_ast: out-of-bounds read in handle_keywordonly_args() function [fedora-30]
  https://bugzilla.redhat.com/show_bug.cgi?id=1810594
[ 2 ] Bug #1810598 - CVE-2019-19275 python3-typed_ast: out-of-bounds read in ast_for_arguments() function [fedora-30]
  https://bugzilla.redhat.com/show_bug.cgi?id=1810598
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-9b3dabc21c' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys