Fedora Linux 8810 Published by

A rust-python-launcher security update has been released for Fedora 35.



SECURITY: Fedora 35 Update: rust-python-launcher-1.0.0-4.fc35


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-c4071e3dc7
2022-01-29 06:37:20.624357
--------------------------------------------------------------------------------

Name : rust-python-launcher
Product : Fedora 35
Version : 1.0.0
Release : 4.fc35
URL :   https://crates.io/crates/python-launcher
Summary : Python launcher for Unix
Description :
The Python Launcher for Unix.

Launch your Python interpreter the lazy/smart way!

This launcher is an implementation of the py command for Unix-based platforms.

The goal is to have py become the cross-platform command that Python users
typically use to launch an interpreter while doing development.
By having a command that is version-agnostic when it comes to Python,
it side-steps the "what should the python command point to?" debate by clearly
specifying that upfront (i.e. the newest version of Python that can be found).
This also unifies the suggested command to document for launching Python on
both Windows as Unix as py has existed as the preferred command on Windows
since 2012 with the release of Python 3.3.

Typical usage would be:

py -m venv .venv
py ... # Whatever you would normally use `python` for during development.

This creates a virtual environment in a .venv directory using the latest
version of Python installed. Subsequent uses of py will then use that virtual
environment as long as it is in the current (or higher) directory;
no environment activation required (although the Python Launcher supports
activated environments as well)!

A non-goal of this launcher is to become the way to launch the Python
interpreter all the time. If you know the exact interpreter you want to
launch then you should launch it directly; same goes for when you have
requirements on the type of interpreter you want.
The Python Launcher should be viewed as a tool of convenience, not necessity.

--------------------------------------------------------------------------------
Update Information:

Update the thread_local crate to version 1.1.4. This includes a fix for
[RUSTSEC-2022-0006](  https://rustsec.org/advisories/RUSTSEC-2022-0006.html)
(possible memory corruption caused by a data race). All applications that
statically link thread_local have been rebuilt for this version. Additionally,
all rebuilt applications now include the fix for
[CVE-2022-21658](  https://rustsec.org/advisories/CVE-2022-21658.html) (Time-of-
check Time-of-use race condition in `std::fs::remove_dir_all` from the Rust
standard library).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 25 2022 Fabio Valentini 1.0.0-4
- Rebuild with thread_local 1.1.4 for RUSTSEC-2022-0006
* Fri Jan 21 2022 Fedora Release Engineering 1.0.0-3
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-c4071e3dc7' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________