This bug was fixed in the package python2.7 - 2.7.16-2~18.10
---------------
python2.7 (2.7.16-2~18.10) cosmic-proposed; urgency=medium
* SRU: LP: #1822993.
python2.7 (2.7.16-2) unstable; urgency=high
[ Matthias Klose ]
* CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
normalize to separators. Closes: #924073.
* CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema
(file://).
[ Dimitri John Ledkov ]
* Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to
1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one
shouldn't mix and match python2.7 & libssl1.1. LP: #1808476
python2.7 (2.7.16-1) unstable; urgency=medium
* Python 2.7.16 release.
- Now has a version without a trailing '+'. Closes: #914072.
python2.7 (2.7.16~rc1-1) unstable; urgency=medium
* Python 2.7.16 release candidate 1.
python2.7 (2.7.15-9) unstable; urgency=medium
* Update to 20190216 from the 2.7 branch.
- Backport of TLS 1.3 related fixes from 3.7.
* Drop the local TLS 1.3 backports.
python2.7 (2.7.15-8) unstable; urgency=medium
* Fix typo in autopkg test.
python2.7 (2.7.15-7) unstable; urgency=medium
* Expect the test_site test failing as in 3.7.
python2.7 (2.7.15-6) unstable; urgency=medium
* Update to 20190201 from the 2.7 branch.
- CVE-2013-1752: Limit imaplib.IMAP4_SSL.readline().
- CVE-2018-14647: _elementtree.c doesn't call XML_SetHashSalt().
Closes: #921039.
- CVE-2019-5010: DsO vulnerability exists in the X509 certificate parser.
Closes: #921040.
* Bump standards version.
* Update symbols file.
python2.7 (2.7.15-5) unstable; urgency=medium
* Update to 20181127 from the 2.7 branch.
- Fix issue #20744, running an external 'zip' in shutil.make_archive().
CVE-2018-1000802. Closes: #909673.
* Cherrypick in-progress backports to 2.7 branch from 3.6 branch to fix
test_ssl assertions with openssl 1.1.1. Resolves autopkgtest failure
of the 2.7 with openssl 1.1.1 (Dimitri John Ledkov).
* Don't hard code location of netinet/in.h. Closes: #912422.
* Update VCS attributes.
-- Matthias Klose <d...@ubuntu.com> Tue, 09 Apr 2019 06:50:39 +0200
** Changed in: python3-stdlib-extensions (Ubuntu Cosmic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1822993
Title:
SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8
Status in python-stdlib-extensions package in Ubuntu:
Fix Released
Status in python2.7 package in Ubuntu:
Fix Released
Status in python3-stdlib-extensions package in Ubuntu:
Fix Released
Status in python3.7 package in Ubuntu:
Fix Released
Status in python-stdlib-extensions source package in Bionic:
Fix Committed
Status in python3-stdlib-extensions source package in Bionic:
Fix Committed
Status in python-stdlib-extensions source package in Cosmic:
Fix Committed
Status in python2.7 source package in Cosmic:
Fix Released
Status in python3-stdlib-extensions source package in Cosmic:
Fix Released
Status in python3.6 source package in Cosmic:
Fix Released
Status in python3.7 source package in Cosmic:
Fix Released
Bug description:
SRU: update Python 3.7 to the 3.7.3 release, update Python 3.6 to the
3.6.8 release.
python3-stdlib-extensions also updates the modules to the 3.6.8
release for Python 3.6.
Acceptance Criteria: The package builds, and the test suite doesn't
show regressions. The test suite passes in the autopkg tests. The new
packages don't cause regressions in a test rebuild of the main
component.
http://people.canonical.com/~doko/ftbfs-report/test-rebuild-20190404-cosmic.html
http://people.canonical.com/~doko/ftbfs-report/test-rebuild-20190404-gcc8-cosmic.html
The test rebuilds are finished, and don't show any regressions for the
main component.
Regression Potential: Python 3.7 isn't used by default, so we don't have many
default users.
Regression Potential: Python 3.6 could see some regressions, although we are
trying to minimize the risk by doing the test rebuild.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-stdlib-extensions/+bug/1822993/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
