The Ubuntu Security team has made the decision to not backport the fix for CVE-2014-9365 to stable Ubuntu releases. The rationale can be found in the Notes section of the corresponding Ubuntu CVE tracker entry:
http://people.canonical.com/~ubuntu- security/cve/2014/CVE-2014-9365.html I think this bug can be closed since Ubuntu 15.04 and newer shipped Python 2.7.9 or newer while Ubuntu 14.04 LTS and Ubuntu 12.04 LTS will not be receiving the backported fix for CVE-2014-9365. We'll fix individual applications that do not do proper certificate verification in those two releases. ** Changed in: python-defaults (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401322 Title: Upgrade to Python 2.7.9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-defaults/+bug/1401322/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
