Package "libpython2.7-testsuite"
Name: |
libpython2.7-testsuite
|
Description: |
Testsuite for the Python standard library (v2.7)
|
Latest version: |
2.7.18-1~20.04.6 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
universe |
Head package: |
python2.7 |
Links
Download "libpython2.7-testsuite"
Other versions of "libpython2.7-testsuite" in Focal
Changelog
python2.7 (2.7.18-1~20.04.6) focal-security; urgency=medium
* SECURITY REGRESSION: regression for CVE-2024-6232
- d/p/fix-regression-lp2089071.patch: fix incomplete update for
CVE-2024-6232 (LP: #2089071)
-- Nishit Majithia <email address hidden> Thu, 21 Nov 2024 15:28:47 +0530
|
Source diff to previous version |
2089071 |
tarfile.py regression: \ |
CVE-2024-6232 |
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile heade |
|
python2.7 (2.7.18-1~20.04.5) focal-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2024-6232.patch: Remove backtracking when parsing
tarfile headers
- CVE-2024-6232
* SECURITY UPDATE: header injection issue
- debian/patches/CVE-2024-6923.patch: Encode newlines in headers
- CVE-2024-6923
-- Nishit Majithia <email address hidden> Wed, 13 Nov 2024 10:42:32 +0530
|
Source diff to previous version |
CVE-2024-6232 |
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile heade |
CVE-2024-6923 |
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an |
|
python2.7 (2.7.18-1~20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: Injection Attack
- debian/patches/CVE-2015-20107.patch: Make mailcap refuse to match unsafe
filenames/types/param in Lib/mailcap.py.
- CVE-2015-20107
-- Leonidas Da Silva Barbosa <email address hidden> Fri, 01 Jul 2022 09:27:04 -0300
|
Source diff to previous version |
CVE-2015-20107 |
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This m |
|
python2.7 (2.7.18-1~20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-9674.patch: add pitfalls to
zipfile module doc in Doc/library/zipfile.rst,
Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst.
- CVE-2019-9674
* SECURITY UPDATE: Misleading information
- debian/patches/CVE-2019-17514.patch: explain that the orderness of the
of the result is system-dependant in Doc/library/glob.rst.
- CVE-2019-17514
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2019-20907.patch: avoid infinite loop in the
tarfile module in Lib/tarfile.py, Lib/test/test_tarfile.py.
- CVE-2019-20907
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-8492.patch: fix the regex to prevent
the regex denial of service in Lib/urllib2.py.
- CVE-2020-8492
* SECURITY UPDATE: CRLF injection
- debian/patches/CVE-2020-26116.patch: prevent header injection
in http methods in Lib/httplib.py, Lib/test/test_httlib.py.
- CVE-2020-26116
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2021-3177.patch: use improved patch backport.
- CVE-2021-3177
-- Paulo Flabiano Smorigo <email address hidden> Mon, 08 Mar 2021 13:02:45 +0000
|
CVE-2019-9674 |
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. |
CVE-2019-17514 |
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrate |
CVE-2019-20907 |
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, becaus |
CVE-2020-8492 |
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular E |
CVE-2020-26116 |
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker contro |
CVE-2021-3177 |
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applic |
|
About
-
Send Feedback to @ubuntu_updates