The Ubuntu Security team has made the decision to not backport the fix for CVE-2014-9365 to stable Ubuntu releases. The rationale can be found in the Notes section of the corresponding Ubuntu CVE tracker entry:
http://people.canonical.com/~ubuntu- security/cve/2014/CVE-2014-9365.html I think this bug can be closed since Ubuntu 15.04 and newer shipped Python 2.7.9 or newer while Ubuntu 14.04 LTS and Ubuntu 12.04 LTS will not be receiving the backported fix for CVE-2014-9365. We'll fix individual applications that do not do proper certificate verification in those two releases. ** Changed in: python-defaults (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python-defaults in Ubuntu. https://bugs.launchpad.net/bugs/1401322 Title: Upgrade to Python 2.7.9 Status in python-defaults package in Ubuntu: Fix Released Bug description: Python 2.7.9 contains numerous security improvements for Python. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-defaults/+bug/1401322/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
