Security fix for CVE-2024-3651

Resolves: RHEL-32703
2024-04-23 09:29:34 +02:00 · 2024-04-23 09:29:34 +02:00 · 79020e2116
commit 79020e2116
parent b2eb5b0657
2 changed files with 2855 additions and 1 deletions
--- a/CVE-2024-3651.patch
+++ b/CVE-2024-3651.patch
--- a/python-idna.spec
+++ b/python-idna.spec
@ -15,12 +15,18 @@

 Name:           python-%{srcname}
 Version:        2.5
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        Internationalized Domain Names in Applications (IDNA)

 License:        BSD and Python and Unicode
 URL:            https://github.com/kjd/idna
 Source0:        https://pypi.io/packages/source/i/%{srcname}/%{srcname}-%{version}.tar.gz
+
+# Security fix for CVE-2024-3651
+# Upstream: https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
+# Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2274779
+Patch:          CVE-2024-3651.patch
+
 BuildArch:      noarch

 %if 0%{?with_python2}
@ -123,6 +129,10 @@ rm -rf %{srcname}.egg-info
 %endif # with_python3

 %changelog
+* Tue Apr 23 2024 Lumír Balhar <lbalhar@redhat.com> - 2.5-6
+- Security fix for CVE-2024-3651
+Resolves: RHEL-32703
+
 * Thu Jun 28 2018 Christian Heimes <cheimes@redhat.com> - 2.5-5
 - Drop Python 2 subpackage from RHEL 8, fixes RHBZ#1590399