This bug was fixed in the package python2.7 - 2.7.16-2~18.10

---------------
python2.7 (2.7.16-2~18.10) cosmic-proposed; urgency=medium

  * SRU: LP: #1822993.

python2.7 (2.7.16-2) unstable; urgency=high

  [ Matthias Klose ]
  * CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
    normalize to separators. Closes: #924073.
  * CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema
    (file://).

  [ Dimitri John Ledkov ]
  * Bump Build-Dependency and Dependency of libssl-dev and libssl1.1 to
    1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one
    shouldn't mix and match python2.7 & libssl1.1. LP: #1808476

python2.7 (2.7.16-1) unstable; urgency=medium

  * Python 2.7.16 release.
    - Now has a version without a trailing '+'. Closes: #914072.

python2.7 (2.7.16~rc1-1) unstable; urgency=medium

  * Python 2.7.16 release candidate 1.

python2.7 (2.7.15-9) unstable; urgency=medium

  * Update to 20190216 from the 2.7 branch.
    - Backport of TLS 1.3 related fixes from 3.7.
  * Drop the local TLS 1.3 backports.

python2.7 (2.7.15-8) unstable; urgency=medium

  * Fix typo in autopkg test.

python2.7 (2.7.15-7) unstable; urgency=medium

  * Expect the test_site test failing as in 3.7.

python2.7 (2.7.15-6) unstable; urgency=medium

  * Update to 20190201 from the 2.7 branch.
    - CVE-2013-1752: Limit imaplib.IMAP4_SSL.readline().
    - CVE-2018-14647: _elementtree.c doesn't call XML_SetHashSalt().
      Closes: #921039.
    - CVE-2019-5010: DoS vulnerability exists in the X509 certificate parser.
      Closes: #921040.
  * Bump standards version.
  * Update symbols file.

python2.7 (2.7.15-5) unstable; urgency=medium

  * Update to 20181127 from the 2.7 branch.
    - Fix issue #20744, running an external 'zip' in shutil.make_archive().
      CVE-2018-1000802. Closes: #909673.
  * Cherrypick in-progress backports to 2.7 branch from 3.6 branch to fix
    test_ssl assertions with openssl 1.1.1. Resolves autopkgtest failure
    of the 2.7 with openssl 1.1.1 (Dimitri John Ledkov).
  * Don't hard code location of netinet/in.h. Closes: #912422.
  * Update VCS attributes.

 -- Matthias Klose <[email protected]>  Tue, 09 Apr 2019 06:50:39 +0200

** Changed in: python2.7 (Ubuntu Cosmic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1752

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000802

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14647

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5010

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1808476

Title:
  Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak
  constants

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1808476/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
