-
python2.4 (2.4.3-0ubuntu6.4) dapper-security; urgency=low
* SECURITY UPDATE: fix DoS via malformed XML
- debian/patches/CVE-2009-3720.dpatch: update Modules/expat/xmltok_impl.c
to not access beyond end of input string
- CVE-2009-3720
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
- debian/patches/CVE-2009-3560.dpatch: update Modules/expat/xmlparse.c to
properly recognize the end of a token
- CVE-2009-3560
-- Jamie Strandboge <email address hidden> Thu, 21 Jan 2010 08:38:11 -0600
-
python2.4 (2.4.3-0ubuntu6.3) dapper-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via multiple integer
overflows in the imageop module
- debian/rules, debian/patches/CVE-2008-4864.dpatch: introduce new
functions for size checks in Modules/imageop.c, introduce tests in
Lib/test/test_imageop.py.
- CVE-2008-4864
* SECURITY UPDATE: denial of service or possible arbitrary code execution
via multiple integer overflows in the expandtabs method
- debian/rules, debian/patches/CVE-2008-5031.dpatch: make sure we don't
overflow in Objects/{stringobject,unicodeobject}.c and add tests to
Lib/test/test_{str,unicode}.py.
- CVE-2008-5031
-- Marc Deslauriers <email address hidden> Tue, 21 Jul 2009 11:06:50 -0400
-
python2.4 (2.4.3-0ubuntu6.2) dapper-security; urgency=high
* SECURITY UPDATE: arbitrary code execution via multiple integer overflows.
* debian/rules, debian/patches/CVE-2008-1679.dpatch,
debian/patches/CVE-2008-1721.dpatch, debian/patches/stringobject.dpatch:
upstream fixes, thanks to Debian.
* debian/rules, debian/patches/CVE-2008-3142.dpatch,
debian/patches/CVE-2008-3143.dpatch, debian/patches/CVE-2008-2315.dpatch,
debian/patches/CVE-2008-3144.dpatch: upstream fixes, thanks to Robert
Buchholz.
* References
CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 CVE-2008-3142
CVE-2008-3143 CVE-2008-3144 CVE-2008-2315
-- Kees Cook <email address hidden> Tue, 29 Jul 2008 16:17:01 -0700
-
python2.4 (2.4.3-0ubuntu6.1) dapper-security; urgency=low
* SECURITY UPDATE: code execution via integer overflows, information
leak via strxfrm.
* debian/rules, debian/patches/CVE-2007-4965-int-overflow.dpatch: upstream
changes, thanks to Stephan Hermann.
* debian/rules, debian/patches/strxfrm-leak.dpatch: upstream changes.
* References
http://bugs.python.org/file8592/python-2.5.CVE-2007-4965-int-overflow.patch
CVE-2007-4965
CVE-2007-2052
-- Kees Cook <email address hidden> Thu, 06 Mar 2008 14:39:57 -0800
-
python2.4 (2.4.3-0ubuntu6) dapper-security; urgency=low
* debian/rules: Disable test_tcl, since it hangs eternally on the buildds.
-- Martin Pitt <email address hidden> Fri, 6 Oct 2006 09:13:39 +0200
-
python2.4 (2.4.3-0ubuntu4) dapper; urgency=low
* Update locale aliases from /usr/share/X11/locale/locale.alias.
Closes: Malone #40079.
* Print alive messages during test_compiler test (taken from the 2.4
branch).
* Build depend on netbase, needed by test_socketmodule.
* Reenable the test_codeccallbacks test on sparc.
* Enable all test resource, except the network resource when running
on a buildd.
* Start idle with option -n from the desktop menu. Closes: Malone #37192.
* Update python logo.
* Check for the availability of the profile and pstats modules when
importing hotshot.pstats.
-- Matthias Klose <email address hidden> Fri, 21 Apr 2006 16:14:22 +0200
-
python2.4 (2.4.3-0ubuntu3) dapper; urgency=low
* Do not run the tests needing the network resource.
-- Matthias Klose <email address hidden> Mon, 10 Apr 2006 11:52:25 +0200
-
python2.4 (2.4.3-0ubuntu2) dapper; urgency=low
* Testsuite related changes only:
- Add build dependencies mime-support, libgpmg1 (needed by test cases).
- Run the testsuite with bsddb and curses resources enabled.
- On sparc, don't run test_codeccallbacks (bus error).
- Re-run the failed tests in verbose mode.
- Run the test suite for the debug build as well.
-- Matthias Klose <email address hidden> Thu, 6 Apr 2006 01:10:26 +0200
-
python2.4 (2.4.3-0ubuntu1) dapper; urgency=low
* Python 2.4.3 release.
- Fixed a bug that the gb18030 codec raises RuntimeError on encoding
surrogate pair area on UCS4 build. Ubuntu: #29289.
-- Matthias Klose <email address hidden> Thu, 30 Mar 2006 10:57:32 +0200
-
python2.4 (2.4.2+2.4.3c1-0ubuntu1) dapper; urgency=low
* SVN update up to 2006-03-25 (2.4.3 candidate 1).
- Regenerate the documentation.
-- Matthias Klose <email address hidden> Mon, 27 Mar 2006 12:03:05 +0000
-
python2.4 (2.4.2-1ubuntu3) dapper; urgency=low
* SVN update up to 2006-03-04
- Regenerate the documentation.
- map.mmap(-1, size, ...) can return anonymous memory again on Unix.
Ubuntu #26201.
* Build-depend on libncursesw5-dev, ncursesw5 is preferred for linking.
Provides UTF-8 compliant curses bindings.
* Fix difflib where certain patterns of differences were making difflib
touch the recursion limit.
-- Matthias Klose <email address hidden> Sat, 4 Mar 2006 21:38:24 +0000
-
python2.4 (2.4.2-1ubuntu2) dapper; urgency=low
* SVN update up to 2006-01-17
- pwd is now a builtin module, remove it from python-minimal.
- Regenerate the documentation.
* python2.4-tk: Suggest tix instead of tix8.1.
* Move config/Makefile from the -dev package into the runtime package
to be able to use the bdist_wininst distutils command. Closes: #348335.
-- Matthias Klose <email address hidden> Tue, 17 Jan 2006 11:02:24 +0000
-
python2.4 (2.4.2-1ubuntu1) dapper; urgency=low
* Temporarily remove build dependency on lsb-release.
-- Matthias Klose <email address hidden> Sun, 20 Nov 2005 17:40:18 +0100