[Bug 2125702] [NEW] Fixes for CVE-2023-27043 and CVE-2025-0938 not applied on bionic, xenial, and trusty

Thu, 25 Sep 2025 12:30:34 -0700 

*** This bug is a security vulnerability ***

Public security bug reported:

On esm-infra/bionic and esm-infra/xenial, the patch that fixes
CVE-2023-27043 for python2.7 was not added to the
debian/patches/series.in file, so the fix is not applied.

On esm-infra-legacy/trusty, the patch that fixes CVE-2025-0938 for
python2.7 was not added to the debian/patches/series.in file, so the fix
is not applied.

** Affects: python2.7 (Ubuntu)
     Importance: Undecided
     Assignee: Hlib Korzhynskyy (hlibk)
         Status: In Progress

** Affects: python2.7 (Ubuntu Trusty)
     Importance: Undecided
     Assignee: Hlib Korzhynskyy (hlibk)
         Status: In Progress

** Affects: python2.7 (Ubuntu Xenial)
     Importance: Undecided
     Assignee: Hlib Korzhynskyy (hlibk)
         Status: In Progress

** Affects: python2.7 (Ubuntu Bionic)
     Importance: Undecided
     Assignee: Hlib Korzhynskyy (hlibk)
         Status: In Progress

** CVE added: https://cve.org/CVERecord?id=CVE-2023-27043

** CVE added: https://cve.org/CVERecord?id=CVE-2025-0938

** Changed in: python2.7 (Ubuntu)
       Status: New => In Progress

** Also affects: python2.7 (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: python2.7 (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: python2.7 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: python2.7 (Ubuntu Trusty)
     Assignee: (unassigned) => Hlib Korzhynskyy (hlibk)

** Changed in: python2.7 (Ubuntu Xenial)
     Assignee: (unassigned) => Hlib Korzhynskyy (hlibk)

** Changed in: python2.7 (Ubuntu Bionic)
     Assignee: (unassigned) => Hlib Korzhynskyy (hlibk)

** Changed in: python2.7 (Ubuntu Trusty)
       Status: New => In Progress

** Changed in: python2.7 (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: python2.7 (Ubuntu Bionic)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2125702

Title:
  Fixes for CVE-2023-27043 and CVE-2025-0938 not applied on bionic,
  xenial, and trusty

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/2125702/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to