Your message dated Fri, 01 Feb 2019 08:48:22 +0000
with message-id <[email protected]>
and subject line Bug#921039: fixed in python2.7 2.7.15-6
has caused the Debian Bug report #921039,
regarding CVE-2018-14647
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
921039: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921039
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python2.7
Version: 2.7.15-5
Severity: grave
Tags: security
CVE-2018-14647 as fixed in DSA-4306-1 needs to be fixed in testing as well:
https://bugs.python.org/issue34623
https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: python2.7
Source-Version: 2.7.15-6
We believe that the bug you reported is fixed in the latest version of
python2.7, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthias Klose <[email protected]> (supplier of updated python2.7 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 01 Feb 2019 08:18:31 +0100
Source: python2.7
Architecture: source
Version: 2.7.15-6
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <[email protected]>
Changed-By: Matthias Klose <[email protected]>
Closes: 921039 921040
Changes:
python2.7 (2.7.15-6) unstable; urgency=medium
.
* Update to 20190201 from the 2.7 branch.
- CVE-2013-1752: Limit imaplib.IMAP4_SSL.readline().
- CVE-2018-14647: _elementtree.c doesn't call XML_SetHashSalt().
Closes: #921039.
- CVE-2019-5010: DsO vulnerability exists in the X509 certificate parser.
Closes: #921040.
* Bump standards version.
* Update symbols file.
Checksums-Sha1:
330274af10115129a5130f3914f45ffad439b94a 3344 python2.7_2.7.15-6.dsc
26c02e807e241461f71ed515814741d788cb0160 596337 python2.7_2.7.15-6.diff.gz
d38f6d0200a447c3890e4f27f319c15418f0c015 10050
python2.7_2.7.15-6_source.buildinfo
Checksums-Sha256:
0179e286a457fffde54a6731f306fd86f386b8db33aa88ff9c9760115f9125c4 3344
python2.7_2.7.15-6.dsc
b3c63e731e47ef48fa0087ed922679d55772fedc2bcb7ac414ca677a0feb2266 596337
python2.7_2.7.15-6.diff.gz
30b62b5ac02566c600ea4045fc446165a33191bafe9bf3384066be165bc43610 10050
python2.7_2.7.15-6_source.buildinfo
Files:
f5e28cb0db5d2c168e3758d1f9c67518 3344 python optional python2.7_2.7.15-6.dsc
54619766bcdafd0cb9d4d5f7b237d4c1 596337 python optional
python2.7_2.7.15-6.diff.gz
7d1180beb276bb990e9653d51b9328ce 10050 python optional
python2.7_2.7.15-6_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAlxT/agQHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9fTjD/9Ma/8erwYWu8yiJb9I2Tp6UCv9ycs8+8f4
CffK+DC2Iv9L9C6rS0/UQ7qsxIoUUahCqC5786LNUcP+D3sneyWKxsQ41qnHQDyD
YmRt969UpcG/l94Ten3enPXEoIc0ktNOyClmN0AjlkWqy6i1IpJhHaDLzAQamIfo
jrpBa+grGmUAeMBQfZVmmxrhpVfT/Fqr1AEgx49ifnGTJGefCa2IGWdmfrhoipcG
k82tFmnL/lhU4+SZEfAcmgtcEnF9dmX/aGQ0PH6GVQQObfEQ4SOWEF/qE1YGigy4
B5jgIetbBDXdIHiUVKoeJ/uqko0fNtg16Je6u7w54zjIlsrYStCWAWydR7Bw549K
AkQXRqkgHeSoh/fYWjLBTiGMUDBMRaUCnLe+y2Sq4RdX+6OHxxZFLdNZG6tEpEQd
4sv8KXavY9NAcIyUV4G4H1G1NIQ3S1n9FS5ItNRbGidVvR6E1usi/mD6f3hLwnyl
MTrmh9vVlKraqiFCKr2u4y7i9rRujk/HByMFzGoJaRTTDJ8ThewQynGxvn91maOj
GJyfCj2HAkYFd5d1Jk/3gQrLSd/vmcr/iJFvOO93H4W9pkUt7WgffuWHgSsiC+eK
Sc69SQ+owbDbf0Bcan5DNPJ3MspbP53nXJRllY452qIGd/LoNqSg4qsoSVeByVDn
lGZOy4btNg==
=MBp/
-----END PGP SIGNATURE-----
--- End Message ---
