Format: 1.8 Date: Tue, 09 Jul 2019 12:51:35 -0400 Source: python2.7 Binary: python2.7 libpython2.7-stdlib python2.7-minimal libpython2.7-minimal libpython2.7 python2.7-examples python2.7-dev libpython2.7-dev libpython2.7-testsuite idle-python2.7 python2.7-doc python2.7-dbg libpython2.7-dbg Architecture: all amd64 Version: 2.7.15-4ubuntu4~18.04.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: idle-python2.7 - IDE for Python (v2.7) using Tkinter libpython2.7 - Shared Python runtime library (version 2.7) libpython2.7-dbg - Debug Build of the Python Interpreter (version 2.7) libpython2.7-dev - Header files and a static library for Python (v2.7) libpython2.7-minimal - Minimal subset of the Python language (version 2.7) libpython2.7-stdlib - Interactive high-level object-oriented language (standard library libpython2.7-testsuite - Testsuite for the Python standard library (v2.7) python2.7 - Interactive high-level object-oriented language (version 2.7) python2.7-dbg - Debug Build of the Python Interpreter (version 2.7) python2.7-dev - Header files and a static library for Python (v2.7) python2.7-doc - Documentation for the high-level object-oriented language Python python2.7-examples - Examples for the Python language (v2.7) python2.7-minimal - Minimal subset of the Python language (version 2.7) Launchpad-Bugs-Fixed: 1835135 Changes: python2.7 (2.7.15-4ubuntu4~18.04.1) bionic-security; urgency=medium . * SECURITY UPDATE: incorrect cookie domain check - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py. - CVE-2018-20852 * SECURITY UPDATE: NULL pointer dereference via X509 certificate - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py, Modules/_ssl.c. - CVE-2019-5010 * SECURITY UPDATE: improper handling of unicode encoding - debian/patches/CVE-2019-9636-1.patch: add check for characters in netloc that normalize to separators in Doc/library/urlparse.rst, Lib/test/test_urlparse.py, Lib/urlparse.py. - debian/patches/CVE-2019-9636-2.patch: only print test messages when verbose in Lib/test/test_urlparse.py. - CVE-2019-9636 * SECURITY UPDATE: HTTP header injection - debian/patches/CVE-2019-9740.patch: disallow control chars in http URLs in Lib/httplib.py, Lib/test/test_urllib.py, Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py. - CVE-2019-9740 - CVE-2019-9947 * SECURITY UPDATE: urllib support the local_file: scheme - debian/patches/CVE-2019-9948.patch: disallow file reading in Lib/urllib.py, Lib/test/test_urllib.py. - CVE-2019-9948 * SECURITY UPDATE: incomplete fix for CVE-2019-9636 - debian/patches/CVE-2019-10160-1.patch: fix handling of pre-normalization characters in urlsplit() in Lib/test/test_urlparse.py, Lib/urlparse.py. - debian/patches/CVE-2019-10160-2.patch: correct fix to handle decomposition in usernames in Lib/test/test_urlparse.py, Lib/urlparse.py. - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error message for Unicode URL in Lib/test/test_urlparse.py, Lib/urlparse.py. - CVE-2019-10160 * debian/patches/issue9146.diff: fix FIPS mode environments where MD5 isn't available in Modules/_hashopenssl.c. (LP: #1835135) Checksums-Sha1: 6f7bb45a8f5e53304aaf8b02120c8d9219015ccc 259596 idle-python2.7_2.7.15-4ubuntu4~18.04.1_all.deb 8357cff33c088edcba1c78ba185d6e63bc57e553 4636916 libpython2.7-dbg_2.7.15-4ubuntu4~18.04.1_amd64.deb bcf6a3f75d587bfb6e982c91ee97b2f66560481a 28270264 libpython2.7-dev_2.7.15-4ubuntu4~18.04.1_amd64.deb 61bed58605fd2ce7b3f70694dec452ad87fbb983 335640 libpython2.7-minimal_2.7.15-4ubuntu4~18.04.1_amd64.deb deefc3503bc80c6243cac7146b61165aaf3747f6 1914900 libpython2.7-stdlib_2.7.15-4ubuntu4~18.04.1_amd64.deb a06f29ecb892bc8e17a4235b24d4020b0b292091 2156216 libpython2.7-testsuite_2.7.15-4ubuntu4~18.04.1_all.deb b3379c6d819c4285ce8fea3f337de2a6e45e48cc 1051888 libpython2.7_2.7.15-4ubuntu4~18.04.1_amd64.deb ca293b508e2a30115f1bd9bc7ee29bc9adb61c43 7456800 python2.7-dbg_2.7.15-4ubuntu4~18.04.1_amd64.deb 419126394365119d04938ead45b848d8bfdb41e8 279096 python2.7-dev_2.7.15-4ubuntu4~18.04.1_amd64.deb f8f10ece44264f5e93984f2e67771d4165f3eb6e 4329056 python2.7-doc_2.7.15-4ubuntu4~18.04.1_all.deb 701c7054fe4fa510dfb8987d18c11581c71c940a 655308 python2.7-examples_2.7.15-4ubuntu4~18.04.1_all.deb 8ef257e7c04dda21d113fdbf735195ccb332b2c3 1293284 python2.7-minimal_2.7.15-4ubuntu4~18.04.1_amd64.deb 2116fad2dbb28dcd4e26d13541fb81446b492f5b 14547 python2.7_2.7.15-4ubuntu4~18.04.1_amd64.buildinfo 06ef36e446cd1b6423b9e003758184690f0db2ba 238636 python2.7_2.7.15-4ubuntu4~18.04.1_amd64.deb Checksums-Sha256: 3b5077dd4e174ec9a77896369d04214b1cbde0c8cc12ea022f7e21c1e7f0a636 259596 idle-python2.7_2.7.15-4ubuntu4~18.04.1_all.deb f0e2259bb7b818cfd24d61622c0d00609251f87eb8fe5ea1455257047206480f 4636916 libpython2.7-dbg_2.7.15-4ubuntu4~18.04.1_amd64.deb ed4e0bf9f8dbcdfe7932211ce794f08116c1d25cac049d89f909f450b787e60c 28270264 libpython2.7-dev_2.7.15-4ubuntu4~18.04.1_amd64.deb 04d0ab6fca72a18f30e864ba6379e554696c842e04edf73bf6b10958f47a2d5f 335640 libpython2.7-minimal_2.7.15-4ubuntu4~18.04.1_amd64.deb 70edbe0cf644e83036ae8732e1ec88e44237da42c040b467193ef24ad42e3df3 1914900 libpython2.7-stdlib_2.7.15-4ubuntu4~18.04.1_amd64.deb abfc63dd4e75783973694474152532dac65d6fbda7e6634aca7ead87b9df3e24 2156216 libpython2.7-testsuite_2.7.15-4ubuntu4~18.04.1_all.deb 2bb4265e59e2d041356104a182fd0db4b3a7fb51cd28222f8406507519e66493 1051888 libpython2.7_2.7.15-4ubuntu4~18.04.1_amd64.deb fdc98ec4d312c6cfc7c0ee25a6f912aa7f19db96697037db83338d03f47da561 7456800 python2.7-dbg_2.7.15-4ubuntu4~18.04.1_amd64.deb 72c3740e269b99e324d416df2e2f5bbd4b764e71088f4d34d7a967ecd1765c3e 279096 python2.7-dev_2.7.15-4ubuntu4~18.04.1_amd64.deb b6dda1d9d3e2cdf6562eb05b58785cb535d92346b71ea088a1e06ce27731a039 4329056 python2.7-doc_2.7.15-4ubuntu4~18.04.1_all.deb 42dca2801ad7bd7ea4da8c90350172f5889599cddaa5c331e08cf0019170c818 655308 python2.7-examples_2.7.15-4ubuntu4~18.04.1_all.deb 11d9820521e761d3a69569e750ce5803911489005ac2f5beccc56f178145ad51 1293284 python2.7-minimal_2.7.15-4ubuntu4~18.04.1_amd64.deb 616fcaabe95d7781d99b90edf8948cc2bbc96d9fb57abaa37a27ad41c6eef180 14547 python2.7_2.7.15-4ubuntu4~18.04.1_amd64.buildinfo 23988e598f32ed32bc051a23a5cf36cb91640decfcae22acb57f30b0c37362a3 238636 python2.7_2.7.15-4ubuntu4~18.04.1_amd64.deb Files: b34d17dee3a97e215d622945a5361e42 259596 python optional idle-python2.7_2.7.15-4ubuntu4~18.04.1_all.deb 9d549eaeebb8ec51d9ac6b3ef1c00ee8 4636916 debug optional libpython2.7-dbg_2.7.15-4ubuntu4~18.04.1_amd64.deb 334ecb0ad649990f71ced2576931e300 28270264 libdevel optional libpython2.7-dev_2.7.15-4ubuntu4~18.04.1_amd64.deb 0b7d4fb65e49e7f0660b81ed42c9a428 335640 python optional libpython2.7-minimal_2.7.15-4ubuntu4~18.04.1_amd64.deb d9a85a8d623ed6fc43823a339c6acabe 1914900 python optional libpython2.7-stdlib_2.7.15-4ubuntu4~18.04.1_amd64.deb 77b5a3220e8be5c3b4695fcc7b7f7335 2156216 libdevel optional libpython2.7-testsuite_2.7.15-4ubuntu4~18.04.1_all.deb 292e0a979783669e7f292bd9a337be06 1051888 libs optional libpython2.7_2.7.15-4ubuntu4~18.04.1_amd64.deb d6f6e12e6fe109ccb2e2e0ebf34365a7 7456800 debug optional python2.7-dbg_2.7.15-4ubuntu4~18.04.1_amd64.deb b31c07770bf437a9cf1c14de818c4292 279096 python optional python2.7-dev_2.7.15-4ubuntu4~18.04.1_amd64.deb 84fd1385b78486e4ad34c61fbd24b79b 4329056 doc optional python2.7-doc_2.7.15-4ubuntu4~18.04.1_all.deb 62cf7e257d27dc292ab7d963ba7795ce 655308 python optional python2.7-examples_2.7.15-4ubuntu4~18.04.1_all.deb 5e391654014101f678996879d0c089d9 1293284 python optional python2.7-minimal_2.7.15-4ubuntu4~18.04.1_amd64.deb 04437c5151259e0ef3ed930223e5bdf0 14547 python optional python2.7_2.7.15-4ubuntu4~18.04.1_amd64.buildinfo 2f4c67f9390c7d0db5827a63dbe18ed8 238636 python optional python2.7_2.7.15-4ubuntu4~18.04.1_amd64.deb Original-Maintainer: Matthias Klose