This bug was fixed in the package python2.7 - 2.7.17-1~18.04ubuntu1.2
---------------
python2.7 (2.7.17-1~18.04ubuntu1.2) bionic-security; urgency=medium
* SECURITY UPDATE: CRLF injection
- debian/patches/CVE-2020-26116.patch: prevent header injection
in http methods in Lib/httplib.py, Lib/test/test_httlib.py.
- CVE-2020-26116
* debian/patches/issue9146.patch: re-adding fix FIPS mode environments where
MD5
isn't available in Modules/_hashopenssl.c. (LP: #1898078)
-- [email protected] (Leonidas S. Barbosa) Wed, 30 Sep 2020
10:38:04 -0300
** Changed in: python2.7 (Ubuntu Bionic)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26116
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1898078
Title:
FIPS OpenSSL crashes Python2.7 hashlib when using MD5
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1898078/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
