Your message dated Sat, 09 Nov 2019 20:35:49 +0000
with message-id <[email protected]>
and subject line Bug#940901: fixed in python2.7 2.7.16-2+deb10u1
has caused the Debian Bug report #940901,
regarding python2.7: CVE-2019-16056
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
940901: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940901
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python2.7
Version: 2.7.16-4
Severity: important
Tags: security upstream
Forwarded: https://bugs.python.org/issue34155
Control: found -1 2.7.16-2
Control: found -1 2.7.13-2+deb9u3
Control: found -1 2.7.13-2

Hi,

The following vulnerability was published for python2.7.

CVE-2019-16056[0]:
| An issue was discovered in Python through 2.7.16, 3.x through 3.5.7,
| 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly
| parses email addresses that contain multiple @ characters. An
| application that uses the email module and implements some kind of
| checks on the From/To headers of a message could be tricked into
| accepting an email address that should be denied. An attack may be the
| same as in CVE-2019-11340; however, this CVE applies to Python more
| generally.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-16056
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056
[1] https://bugs.python.org/issue34155
[2] https://github.com/python/cpython/commit/4cbcd2f8c4e12b912e4d21fd892eedf7a3813d8e

Regards,
Salvatore

--- End Message ---
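
An added example (not code from the bug report, Debian or CPython): a check for whether the running interpreter's email module rejects an address with multiple @ characters, beside a From/To allow-list check that does not depend on the parser being patched. The probe address, the `.example` domains and the function names are constructed for illustration; rejecting every header value that does not contain exactly one `@` is an assumed policy.

```python
from email.utils import parseaddr

# Constructed probe: two '@' characters, reserved .example domains only.
PROBE = "user@one.example@two.example"


def parser_rejects_multi_at(probe=PROBE):
    """True if the installed email module refuses the malformed probe.

    Patched interpreters return ('', ''); any other result means the
    parser still yields an address for input it should reject.
    """
    return parseaddr(probe) == ("", "")


def naive_allowed(header_value, domain):
    """Fragile check: compares raw text, not the address that gets used."""
    return header_value.strip().lower().endswith("@" + domain)


def strict_allowed(header_value, allowed_domains):
    """Allow-list check that holds even on an unpatched parser.

    Assumed policy: a header value that does not carry exactly one '@'
    is ambiguous and is rejected before any parsing.
    """
    if header_value.count("@") != 1:
        return False
    _name, addr = parseaddr(header_value)
    local, sep, domain = addr.rpartition("@")
    return bool(local and sep) and domain.lower() in allowed_domains


def audit(headers, allowed_domains):
    """Return (value, verdict) pairs for a batch of From/To header values."""
    return [(h, strict_allowed(h, allowed_domains)) for h in headers]


if __name__ == "__main__":
    sample = ["Alice <alice@corp.example>", PROBE, "bob@other.example"]
    print("parser patched:", parser_rejects_multi_at())
    for value, ok in audit(sample, {"corp.example", "two.example"}):
        print("accept" if ok else "reject", value)
```
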
--- Begin Message ---
Source: python2.7
Source-Version: 2.7.16-2+deb10u1

We believe that the bug you reported is fixed in the latest version of
python2.7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated python2.7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 11 Oct 2019 00:02:15 +0200
Source: python2.7
Binary: idle-python2.7 libpython2.7 libpython2.7-dbg libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dbg python2.7-dev python2.7-doc python2.7-examples python2.7-minimal
Architecture: source all amd64
Version: 2.7.16-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Matthias Klose <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Description:
 idle-python2.7 - IDE for Python (v2.7) using Tkinter
 libpython2.7 - Shared Python runtime library (version 2.7)
 libpython2.7-dbg - Debug Build of the Python Interpreter (version 2.7)
 libpython2.7-dev - Header files and a static library for Python (v2.7)
 libpython2.7-minimal - Minimal subset of the Python language (version 2.7)
 libpython2.7-stdlib - Interactive high-level object-oriented language (standard library
 libpython2.7-testsuite - Testsuite for the Python standard library (v2.7)
 python2.7  - Interactive high-level object-oriented language (version 2.7)
 python2.7-dbg - Debug Build of the Python Interpreter (version 2.7)
 python2.7-dev - Header files and a static library for Python (v2.7)
 python2.7-doc - Documentation for the high-level object-oriented language Python
 python2.7-examples - Examples for the Python language (v2.7)
 python2.7-minimal - Minimal subset of the Python language (version 2.7)
Closes: 940901
Changes:
 python2.7 (2.7.16-2+deb10u1) buster; urgency=medium
 .
   * CVE-2018-20852
   * CVE-2019-10160
   * CVE-2019-16056 (Closes: #940901)
   * CVE-2019-16935
   * CVE-2019-9740
   * CVE-2019-9947

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
