UbuntuUpdates.org

Package "python-pip"

Name: python-pip

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Python package installer
  • Python package installer (pip wheel)

Latest version: 22.0.2+dfsg-1ubuntu0.5
Release: jammy (22.04)
Level: updates
Repository: universe

Links



Other versions of "python-pip" in Jammy

Repository Area Version
base universe 20.3.4+dfsg-4
security universe 22.0.2+dfsg-1ubuntu0.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 22.0.2+dfsg-1ubuntu0.5 2024-10-30 16:07:14 UTC

  python-pip (22.0.2+dfsg-1ubuntu0.5) jammy-security; urgency=medium

  * SECURITY UPDATE: The Proxy-Authorization header is not correctly stripped
    when redirecting to a different host in urllib3.
    - debian/patches/CVE-2024-37891.patch: Add "Proxy-Authorization" to
      DEFAULT_REMOVE_HEADERS_ON_REDIRECT in
      src/pip/vendor/urllib3/util/retry.py.
    - CVE-2024-37891

 -- Hlib Korzhynskyy <email address hidden> Fri, 18 Oct 2024 14:45:13 -0230

Source diff to previous version
CVE-2024-37891 urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header i

Version: 22.0.2+dfsg-1ubuntu0.4 2023-11-15 14:09:37 UTC

  python-pip (22.0.2+dfsg-1ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: http cookie leakage via http redirect
    - debian/patches/CVE-2023-43804.patch: removes the cookie from the
      http request when it is redirected to a different origin.
    - CVE-2023-43804
  * SECURITY UPDATE: http body leakage via http redirect
    - debian/patches/CVE-2023-45803.patch: removes the body from the
      http request when it is redirected to a different origin and the
      http verb is changed to GET.
    - CVE-2023-45803

 -- Jorge Sancho Larraz <email address hidden> Fri, 10 Nov 2023 13:42:40 +0100

Source diff to previous version
CVE-2023-43804 urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing

Version: 22.0.2+dfsg-1ubuntu0.3 2023-06-12 15:07:08 UTC

  python-pip (22.0.2+dfsg-1ubuntu0.3) jammy-security; urgency=medium

  * No-change rebuild for requests update.

 -- Marc Deslauriers <email address hidden> Mon, 05 Jun 2023 14:20:05 -0400

Source diff to previous version

Version: 22.0.2+dfsg-1ubuntu0.2 2023-02-28 17:06:59 UTC

  python-pip (22.0.2+dfsg-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: ReDOS in wheel.py
    - debian/patches/CVE-2022-40898.patch: Fix potential DoS attack
      via wheel_file_re by restricting matching dash and dot characters
      in src/pip/_internal/models/wheel.py.
    - CVE-2022-40898

 -- David Fernandez Gonzalez <email address hidden> Tue, 28 Feb 2023 10:39:46 +0100

Source diff to previous version
CVE-2022-40898 An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker c

Version: 22.0.2+dfsg-1ubuntu0.1 2023-01-24 15:07:44 UTC

  python-pip (22.0.2+dfsg-1ubuntu0.1) jammy-security; urgency=medium

  * No-change rebuild due to wheel and setuptools update.

 -- David Fernandez Gonzalez <email address hidden> Tue, 24 Jan 2023 10:23:13 +0100




About   -   Send Feedback to @ubuntu_updates