drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in rust-python-launcher
Name: |
Ausführen beliebiger Kommandos in rust-python-launcher |
|
ID: |
FEDORA-2022-c4071e3dc7 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 35 |
|
Datum: |
Sa, 29. Januar 2022, 17:50 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21658 |
|
Applikationen: |
rust-python-launcher |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2022-c4071e3dc7 2022-01-29 06:37:20.624357 ------------------------------------------------------------------------------- -
Name : rust-python-launcher Product : Fedora 35 Version : 1.0.0 Release : 4.fc35 URL : https://crates.io/crates/python-launcher Summary : Python launcher for Unix Description : The Python Launcher for Unix.
Launch your Python interpreter the lazy/smart way!
This launcher is an implementation of the py command for Unix-based platforms.
The goal is to have py become the cross-platform command that Python users typically use to launch an interpreter while doing development. By having a command that is version-agnostic when it comes to Python, it side-steps the "what should the python command point to?" debate by clearly specifying that upfront (i.e. the newest version of Python that can be found). This also unifies the suggested command to document for launching Python on both Windows as Unix as py has existed as the preferred command on Windows since 2012 with the release of Python 3.3.
Typical usage would be:
py -m venv .venv py ... # Whatever you would normally use `python` for during development.
This creates a virtual environment in a .venv directory using the latest version of Python installed. Subsequent uses of py will then use that virtual environment as long as it is in the current (or higher) directory; no environment activation required (although the Python Launcher supports activated environments as well)!
A non-goal of this launcher is to become the way to launch the Python interpreter all the time. If you know the exact interpreter you want to launch then you should launch it directly; same goes for when you have requirements on the type of interpreter you want. The Python Launcher should be viewed as a tool of convenience, not necessity.
------------------------------------------------------------------------------- - Update Information:
Update the thread_local crate to version 1.1.4. This includes a fix for [RUSTSEC-2022-0006](https://rustsec.org/advisories/RUSTSEC-2022-0006.html) (possible memory corruption caused by a data race). All applications that statically link thread_local have been rebuilt for this version. Additionally, all rebuilt applications now include the fix for [CVE-2022-21658](https://rustsec.org/advisories/CVE-2022-21658.html) (Time-of- check Time-of-use race condition in `std::fs::remove_dir_all` from the Rust standard library). ------------------------------------------------------------------------------- - ChangeLog:
* Tue Jan 25 2022 Fabio Valentini <decathorpe@gmail.com> 1.0.0-4 - Rebuild with thread_local 1.1.4 for RUSTSEC-2022-0006 * Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> 1.0.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-c4071e3dc7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
|
|
|
|