Wonderful, thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-defaults in Ubuntu.
https://bugs.launchpad.net/bugs/1401322
Title:
Upgrade to Python 2.7.9
Status in python-defaults package in Ubuntu:
Fix
https://bugs.launchpad.net/ubuntu/+source/python-defaults/2.7.15-3
** Changed in: python-defaults (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-defaults in Ubuntu.
@tyhicks Sadly we depend on some libraries that aren't python3-safe. The
backport combined with suggested /etc/python/cert-verification.cfg would
be an excellent solution
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
Hi Cory and Kevin! The Ubuntu Security team (most of the work was done
by Marc Deslauriers) has actively fixed individual Python packages in
Ubuntu's main archive pocket that are vulnerable to certificate
verification flaws prior to the Python 2.7.9 change. While many packages
were already doing
Marking confirmed while the investigation is ongoing. Please mark as
triaged if we will employ one of the strategies.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-defaults in Ubuntu.
** Changed in: python-defaults (Ubuntu)
Status: Fix Released => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-defaults in Ubuntu.
https://bugs.launchpad.net/bugs/1401322
Title:
Upgrade to Python
@kwoot - please see comment #10 for python2.7 options that may be
available in 12.04 and 14.04 in the future. I wanted to point out to you
that python3.4 in 14.04 already has the ability to enable full
certification verification through the /etc/python3.4/cert-
verification.conf configuration
For the people annoyed at the idea to move to 16.04:
There are some alternative ways to get an updated Python version,
without relying on the one shipped by default in Ubuntu:
Pythonz: https://github.com/saghul/pythonz (disclaimer: I submitted some
patches and integrated pythonz into my own
I have to agree with the sentiment that this should be backported on the
grounds Ubuntu LTS releases are popular server operating systems which
many folks rely on for day to day operations. As an LTS release its
expected security issues will be taken care of as long as the release is
supported.
So none of the currently supported LTS versions will actually have a backport.
I'd rather not have to upgrade to 16.04 LTS (Xenial Xerus) in order to get rid
of urllib2 quircks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
The Ubuntu Security team has made the decision to not backport the fix
for CVE-2014-9365 to stable Ubuntu releases. The rationale can be found
in the Notes section of the corresponding Ubuntu CVE tracker entry:
http://people.canonical.com/~ubuntu-
security/cve/2014/CVE-2014-9365.html
I think
Tyler,
Sorry if I don't fully understand, but your claim is that this is a non-
issue because "you" (presumably referring to the Ubuntu Security team in
general) will fix individual applications that are vulnerable to
CVE-2014-9365. Before closing this issue, I'd like to know how you plan
to do
Python 2.7.9 is now in the Proposed for Ubuntu Vivid. My guess is that
they are rebuilding/checking libraries and applications to verify they
are still working as expected with the newer version, before pushing it
to the main archives.
As for backporting to older releases I don't know, but it
Is this going to be back-ported to 14.04?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-defaults in Ubuntu.
https://bugs.launchpad.net/bugs/1401322
Title:
Upgrade to Python 2.7.9
Status in python-defaults package
CVE-2014-9365 has been assigned to TLS certificate validation issue in
Python 2.7.8 and earlier; this issue is fixed in 2.7.9
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9365
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
15 matches
Mail list logo
