Package "libpython2.7-minimal"
Name: |
libpython2.7-minimal
|
Description: |
Minimal subset of the Python language (version 2.7)
|
Latest version: |
2.7.12-1ubuntu0~16.04.18 |
Release: |
xenial (16.04) |
Level: |
security |
Repository: |
main |
Head package: |
python2.7 |
Links
Download "libpython2.7-minimal"
Other versions of "libpython2.7-minimal" in Xenial
Changelog
python2.7 (2.7.12-1ubuntu0~16.04.11) xenial-security; urgency=medium
* SECURITY UPDATE: CRLF injection
- debian/patches/CVE-2019-18348.patch: disallow control characters
in hostnames in http.client in Lib/httplib.py, Lib/test/test_urllib2.py.
- CVE-2019-18348
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-8492.patch: fix the regex to prevent
the regex denial of service in Lib/urllib2.py.
- CVE-2020-8492
-- <email address hidden> (Leonidas S. Barbosa) Wed, 15 Apr 2020 14:07:12 -0300
|
Source diff to previous version |
CVE-2019-18348 |
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker co |
CVE-2020-8492 |
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular E |
|
python2.7 (2.7.12-1ubuntu0~16.04.9) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect email address parsing
- debian/patches/CVE-2019-16056.patch: don't parse domains containing @
in Lib/email/_parseaddr.py, Lib/test/test_email/test_email.py.
- CVE-2019-16056
* SECURITY UPDATE: XSS in documentation XML-RPC server
- debian/patches/CVE-2019-16935.patch: escape the server_title in
Lib/DocXMLRPCServer.py, Lib/test/test_docxmlrpc.py.
- CVE-2019-16935
* debian/patches/avoid_test_docxmlrpc_race.patch: avoid race in
test_docxmlrpc server setup in Lib/test/test_docxmlrpc.py.
-- Marc Deslauriers <email address hidden> Tue, 08 Oct 2019 10:14:10 -0400
|
Source diff to previous version |
CVE-2019-16056 |
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses em |
CVE-2019-16935 |
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs |
|
python2.7 (2.7.12-1ubuntu0~16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow via race condition
- debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating
over a file on multiple threads in Lib/test/test_file2k.py,
Objects/fileobject.c.
- debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple
threads iterate over a file in Lib/test/test_file2k.py,
Objects/fileobject.c.
- CVE-2018-1000030
* SECURITY UPDATE: command injection in shutil module
- debian/patches/CVE-2018-1000802.patch: use subprocess rather than
distutils.spawn in Lib/shutil.py.
- CVE-2018-1000802
* SECURITY UPDATE: DoS via catastrophic backtracking
- debian/patches/CVE-2018-106x.patch: fix expressions in
Lib/difflib.py, Lib/poplib.py. Added tests to
Lib/test/test_difflib.py, Lib/test/test_poplib.py.
- CVE-2018-1060
- CVE-2018-1061
* SECURITY UPDATE: incorrect Expat hash salt initialization
- debian/patches/CVE-2018-14647.patch: call SetHashSalt in
Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
- CVE-2018-14647
-- Marc Deslauriers <email address hidden> Mon, 12 Nov 2018 09:36:49 -0500
|
Source diff to previous version |
CVE-2018-1000030 |
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it |
CVE-2018-1000802 |
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command In |
CVE-2018-1060 |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacke |
CVE-2018-1061 |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An |
CVE-2018-14647 |
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service |
|
python2.7 (2.7.12-1ubuntu0~16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: integer overflow in the PyString_DecodeEscape
function
- debian/patches/CVE-2017-1000158.patch: fix this integer overflow
in Objects/stringobject.c.
- CVE-2017-1000158
-- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Nov 2017 15:23:56 -0300
|
About
-
Send Feedback to @ubuntu_updates