[Git][security-tracker-team/security-tracker][master] py27 updates

Moritz Muehlenhoff Fri, 11 Oct 2019 06:56:26 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b9dc95ec by Moritz Muehlenhoff at 2019-10-11T13:55:48Z
py27 updates

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1252,6 +1252,7 @@ CVE-2019-16935 (The documentation XML-RPC server in 
Python through 2.7.16, 3.x t
        - python3.4 <removed>
        [jessie] - python3.4 <ignored> (Minor Issue, XSS in an unlikely 
use-case)
        - python2.7 <unfixed>
+       [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point 
release)
        [jessie] - python2.7 <ignored> (Minor Issue, XSS in an unlikely 
use-case)
        - jython <unfixed>
        [jessie] - jython <ignored> (Minor Issue, XSS in an unlikely use-case)
@@ -1263,6 +1264,7 @@ CVE-2019-16935 (The documentation XML-RPC server in 
Python through 2.7.16, 3.x t
        NOTE: 
https://github.com/python/cpython/commit/6447b9f9bd27e1f6b04cef674dd3a7ab27bf4f28
 (3.8 branch)
        NOTE: 
https://github.com/python/cpython/commit/39a0c7555530e31c6941a78da19b6a5b61170687
 (3.7 branch)
        NOTE: 
https://github.com/python/cpython/commit/1698cacfb924d1df452e78d11a4bf81ae7777389
 (3.6 branch)
+       NOTE: 
https://github.com/python/cpython/commit/8eb64155ff26823542ccf0225b3d57b6ae36ea89
 (2.7 branch)
 CVE-2019-16934
        RESERVED
 CVE-2019-16933
@@ -3688,6 +3690,7 @@ CVE-2019-16056 (An issue was discovered in Python through 
2.7.16, 3.x through 3.
        - python3.5 <removed>
        - python3.4 <removed>
        - python2.7 2.7.17~rc1-1 (bug #940901)
+       [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point 
release)
        NOTE: https://bugs.python.org/issue34155
        NOTE: 
https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9
 (master)
        NOTE: 
https://github.com/python/cpython/commit/217077440a6938a0b428f67cfef6e053c4f8673c
 (v3.8.0b4)
@@ -12175,6 +12178,7 @@ CVE-2018-20852 
(http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookie
        - python3.5 <removed>
        - python3.4 <removed>
        - python2.7 2.7.16-3
+       [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point 
release)
        NOTE: https://bugs.python.org/issue35121
        NOTE: 
https://python-security.readthedocs.io/vuln/cookie-domain-check.html
        NOTE: 
https://github.com/python/cpython/commit/979daae300916adb399ab5b51410b6ebd0888f13
 (2.7.x branch)
@@ -21371,7 +21375,7 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 
was discovered in python
        - python3.5 <not-affected> (Incomplete fix for CVE-2019-9636 not 
applied)
        - python3.4 <not-affected> (Incomplete fix for CVE-2019-9636 not 
applied)
        - python2.7 2.7.16-3
-       [buster] - python2.7 <no-dsa> (Minor issue)
+       [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point 
release)
        [stretch] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 
not applied)
        [jessie] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 
not applied)
        NOTE: Introduced by: 
https://github.com/python/cpython/commit/d537ab0ff9767ef024f26246899728f0116b1ec3
 (v3.8.0a4)
@@ -22023,7 +22027,7 @@ CVE-2019-9947 (An issue was discovered in urllib2 in 
Python 2.x through 2.7.16 a
        - python3.5 <removed>
        - python3.4 <removed>
        - python2.7 2.7.16-3
-       [buster] - python2.7 <no-dsa> (Minor issue)
+       [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point 
release)
        [stretch] - python2.7 <no-dsa> (Minor issue)
        NOTE: https://bugs.python.org/issue35906
        NOTE: Introduced by: 
https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2262
@@ -23559,7 +23563,7 @@ CVE-2019-9740 (An issue was discovered in urllib2 in 
Python 2.x through 2.7.16 a
        - python3.5 <removed>
        - python3.4 <removed>
        - python2.7 2.7.16-3
-       [buster] - python2.7 <no-dsa> (Minor issue)
+       [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point 
release)
        [stretch] - python2.7 <no-dsa> (Minor issue)
        NOTE: https://bugs.python.org/issue36276
        NOTE: https://bugs.python.org/issue30458


=====================================
data/dsa-needed.txt
=====================================
@@ -53,8 +53,6 @@ pam-python
 --
 poppler (jmm)
 --
-python2.7 (jmm)
---
 python3.5 (jmm)
 --
 simplesamlphp/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9dc95eccb64645002f22b153115d95d526d0b82

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9dc95eccb64645002f22b153115d95d526d0b82
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] py27 updates

Reply via email to