Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b9dc95ec by Moritz Muehlenhoff at 2019-10-11T13:55:48Z py27 updates - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1252,6 +1252,7 @@ CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x t - python3.4 <removed> [jessie] - python3.4 <ignored> (Minor Issue, XSS in an unlikely use-case) - python2.7 <unfixed> + [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release) [jessie] - python2.7 <ignored> (Minor Issue, XSS in an unlikely use-case) - jython <unfixed> [jessie] - jython <ignored> (Minor Issue, XSS in an unlikely use-case) @@ -1263,6 +1264,7 @@ CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x t NOTE: https://github.com/python/cpython/commit/6447b9f9bd27e1f6b04cef674dd3a7ab27bf4f28 (3.8 branch) NOTE: https://github.com/python/cpython/commit/39a0c7555530e31c6941a78da19b6a5b61170687 (3.7 branch) NOTE: https://github.com/python/cpython/commit/1698cacfb924d1df452e78d11a4bf81ae7777389 (3.6 branch) + NOTE: https://github.com/python/cpython/commit/8eb64155ff26823542ccf0225b3d57b6ae36ea89 (2.7 branch) CVE-2019-16934 RESERVED CVE-2019-16933 @@ -3688,6 +3690,7 @@ CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3. - python3.5 <removed> - python3.4 <removed> - python2.7 2.7.17~rc1-1 (bug #940901) + [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release) NOTE: https://bugs.python.org/issue34155 NOTE: https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 (master) NOTE: https://github.com/python/cpython/commit/217077440a6938a0b428f67cfef6e053c4f8673c (v3.8.0b4) @@ -12175,6 +12178,7 @@ CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookie - python3.5 <removed> - python3.4 <removed> - python2.7 2.7.16-3 + [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release) NOTE: https://bugs.python.org/issue35121 NOTE: https://python-security.readthedocs.io/vuln/cookie-domain-check.html NOTE: https://github.com/python/cpython/commit/979daae300916adb399ab5b51410b6ebd0888f13 (2.7.x branch) @@ -21371,7 +21375,7 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python - python3.5 <not-affected> (Incomplete fix for CVE-2019-9636 not applied) - python3.4 <not-affected> (Incomplete fix for CVE-2019-9636 not applied) - python2.7 2.7.16-3 - [buster] - python2.7 <no-dsa> (Minor issue) + [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release) [stretch] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied) [jessie] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied) NOTE: Introduced by: https://github.com/python/cpython/commit/d537ab0ff9767ef024f26246899728f0116b1ec3 (v3.8.0a4) @@ -22023,7 +22027,7 @@ CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a - python3.5 <removed> - python3.4 <removed> - python2.7 2.7.16-3 - [buster] - python2.7 <no-dsa> (Minor issue) + [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release) [stretch] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue35906 NOTE: Introduced by: https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2262 @@ -23559,7 +23563,7 @@ CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a - python3.5 <removed> - python3.4 <removed> - python2.7 2.7.16-3 - [buster] - python2.7 <no-dsa> (Minor issue) + [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release) [stretch] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue36276 NOTE: https://bugs.python.org/issue30458 ===================================== data/dsa-needed.txt ===================================== @@ -53,8 +53,6 @@ pam-python -- poppler (jmm) -- -python2.7 (jmm) --- python3.5 (jmm) -- simplesamlphp/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9dc95eccb64645002f22b153115d95d526d0b82 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9dc95eccb64645002f22b153115d95d526d0b82 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits