This bug was fixed in the package python3.4 - 3.4.3-1ubuntu1~14.04.5 --------------- python3.4 (3.4.3-1ubuntu1~14.04.5) trusty-security; urgency=medium
* SECURITY UPDATE: StartTLS stripping attack - debian/patches/CVE-2016-0772.patch: raise an error when STARTTLS fails in Lib/smtplib.py. - CVE-2016-0772 * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI scripts (aka HTTPOXY attack) - debian/patches/CVE-2016-1000110.patch: if running as CGI script, forget HTTP_PROXY in Lib/urllib.py, add test to Lib/test/test_urllib.py, add documentation. - CVE-2016-1000110 * SECURITY UPDATE: Integer overflow when handling zipfiles - debian/patches/CVE-2016-5636-pre.patch: check for negative size in Modules/zipimport.c - debian/patches/CVE-2016-5636.patch: check for too large value in Modules/zipimport.c - CVE-2016-5636 * SECURITY UPDATE: CRLF injection vulnerability in the HTTPConnection.putheader - debian/patches/CVE-2016-5699.patch: disallow newlines in putheader() arguments when not followed by spaces or tabs in Lib/httplib.py, add tests in Lib/test/test_httplib.py - CVE-2016-5699 -- Steve Beattie <sbeat...@ubuntu.com> Wed, 16 Nov 2016 12:38:40 -0800 ** Changed in: python3.4 (Ubuntu Trusty) Status: Triaged => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-0772 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-1000110 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5636 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5699 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python3.3 in Ubuntu. https://bugs.launchpad.net/bugs/1264554 Title: python3.4 autopkg test failures Status in python3.3 package in Ubuntu: Won't Fix Status in python3.4 package in Ubuntu: Fix Released Status in python3.4 source package in Trusty: Fix Released Bug description: see https://jenkins.qa.ubuntu.com/view/Trusty/view/AutoPkgTest/job/trusty-adt-python3.4/24/ disabled these in the autopkg tests for now. need some investigation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python3.3/+bug/1264554/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp