Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6c48e35e by Thorsten Alteholz at 2020-08-22T16:42:13+02:00 remove no-dsa and postponed tags that are fixed in latest python2.7 upload - - - - - 57b80af5 by Thorsten Alteholz at 2020-08-22T16:43:10+02:00 Reserve DLA-2337-1 for python2.7 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -68565,7 +68565,6 @@ CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3. - python3.4 <removed> - python2.7 2.7.17~rc1-1 (bug #940901) [buster] - python2.7 2.7.16-2+deb10u1 - [stretch] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue34155 NOTE: https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 (master) NOTE: https://github.com/python/cpython/commit/217077440a6938a0b428f67cfef6e053c4f8673c (v3.8.0b4) @@ -77770,7 +77769,6 @@ CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookie - python3.4 <removed> - python2.7 2.7.16-3 [buster] - python2.7 2.7.16-2+deb10u1 - [stretch] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue35121 NOTE: https://python-security.readthedocs.io/vuln/cookie-domain-check.html NOTE: https://github.com/python/cpython/commit/979daae300916adb399ab5b51410b6ebd0888f13 (2.7.x branch) 
@@ -87334,7 +87332,6 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python - python3.4 <not-affected> (Vulnerable fix to regression introduced by fix for CVE-2019-9636 not applied) - python2.7 2.7.16-3 [buster] - python2.7 2.7.16-2+deb10u1 - [stretch] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied) [jessie] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied) NOTE: Introduced by: https://github.com/python/cpython/commit/d537ab0ff9767ef024f26246899728f0116b1ec3 (v3.8.0a4) NOTE: Fixed by: https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e (v3.8.0b1) @@ -87996,7 +87993,6 @@ CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: sche - python3.5 <removed> - python3.4 <removed> - python2.7 2.7.16-2 - [stretch] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue35907 NOTE: https://github.com/python/cpython/pull/11842 NOTE: https://github.com/python/cpython/commit/34bab215596671d0dec2066ae7d7450cd73f638b (3.7) @@ -88012,7 +88008,6 @@ CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a - python3.4 <removed> - python2.7 2.7.16-3 [buster] - python2.7 2.7.16-2+deb10u1 - [stretch] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue35906 NOTE: Introduced by: https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2262 NOTE: CVE-2019-9947 issue fixed with same fix as for CVE-2019-9740 @@ -89563,7 +89558,6 @@ CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a - python3.4 <removed> - python2.7 2.7.16-3 [buster] - python2.7 2.7.16-2+deb10u1 - [stretch] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue30458 NOTE: https://bugs.python.org/issue36276 (duplicate) NOTE: https://bugs.python.org/issue36274 (common regression fix) 
@@ -89840,7 +89834,6 @@ CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: - python3.5 <removed> - python3.4 <removed> - python2.7 2.7.16-2 (bug #924073) - [stretch] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue36216 NOTE: https://github.com/python/cpython/pull/12201 NOTE: https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html @@ -102035,7 +102028,6 @@ CVE-2019-5010 (An exploitable denial-of-service vulnerability exists in the X509 - python3.5 <removed> - python3.4 <removed> - python2.7 2.7.15-6 (bug #921040) - [stretch] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA) NOTE: https://bugs.python.org/issue35746 NOTE: https://github.com/python/cpython/pull/11569 NOTE: https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031 (3.7.x) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[22 Aug 2020] DLA-2337-1 python2.7 - security update + {CVE-2018-20852 CVE-2019-5010 CVE-2019-9636 CVE-2019-9740 CVE-2019-9947 CVE-2019-9948 CVE-2019-10160 CVE-2019-16056 CVE-2019-20907} + [stretch] - python2.7 2.7.13-2+deb9u4 [22 Aug 2020] DLA-2336-1 firejail - security update {CVE-2020-17367 CVE-2020-17368} [stretch] - firejail 0.9.44.8-2+deb9u1 ===================================== data/dla-needed.txt ===================================== 
@@ -134,9 +134,6 @@ openexr (Adrian Bunk) puma NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby) -- -python2.7 (Thorsten Alteholz) - NOTE: 20200809: Consider fixing CVE-2019-20907 (abhijith) --- qemu (Abhijith PA) -- qt4-x11 (Adrian Bunk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6aaece3cce56ede9ece2ea1d7c8d5926f6752159...57b80af58d244040fd7c3dcba9981f58ccd27a17 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6aaece3cce56ede9ece2ea1d7c8d5926f6752159...57b80af58d244040fd7c3dcba9981f58ccd27a17 You're receiving this email because of your account on salsa.debian.org.
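Review bot: The CVE-2019-10160 hunk in data/CVE/list (@@ -87334,7 +87332,6) removes a [stretch] line tagged <not-affected> (Incomplete fix for CVE-2019-9636 not applied), which the commit message "remove no-dsa and postponed tags" does not cover. Unlike the other hunks this is a status change rather than a triage cleanup: the DLA-2337-1 entry lists both CVE-2019-9636 and CVE-2019-10160 for stretch, so the release goes from not affected to fixed. Suggest mentioning the <not-affected> removal and its reason in the commit message. The [jessie] <not-affected> line stays, so it is worth confirming that is intended.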
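Review bot: The DLA-2337-1 entry added in data/DLA/list names nine CVEs, but data/CVE/list has hunks for only eight of them. CVE-2019-20907 appears in the DLA entry and in the note removed from data/dla-needed.txt, yet its CVE entry is not touched by this push. Please check that the CVE-2019-20907 entry has no leftover [stretch] triage tag (<no-dsa> or <postponed>) that would now contradict the DLA entry, and remove it the same way if it does.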