UbuntuUpdates.org

Package "libpython2.7-stdlib"

Name: libpython2.7-stdlib

Description:

Interactive high-level object-oriented language (standard library, version 2.7)

Latest version: 2.7.12-1ubuntu0~16.04.18
Release: xenial (16.04)
Level: security
Repository: main
Head package: python2.7

Links


Download "libpython2.7-stdlib"


Other versions of "libpython2.7-stdlib" in Xenial

Repository Area Version
base main 2.7.11-7ubuntu1
updates main 2.7.12-1ubuntu0~16.04.18

Changelog

Version: 2.7.12-1ubuntu0~16.04.18 2021-03-03 13:06:20 UTC

  python2.7 (2.7.12-1ubuntu0~16.04.18) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2021-3177.patch: use improved patch backport.
    - CVE-2021-3177
  * Fix autopkgtests due to expired certificates
    - debian/patches/ssl-certs-1.patch: Refresh expired SSL test certs
    - debian/patches/ssl-certs-2.patch: Refresh expired SSL test certs
    - debian/patches/test-ssl.patch: backport test changes and more ssl
      certs from python2.7 in bionic.

 -- Marc Deslauriers <email address hidden> Mon, 01 Mar 2021 06:38:31 -0500

Source diff to previous version
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applic

Version: 2.7.12-1ubuntu0~16.04.16 2021-02-25 20:07:03 UTC

  python2.7 (2.7.12-1ubuntu0~16.04.16) xenial-security; urgency=medium

  * SECURITY REGRESSION: previous update caused a regression that causes it
    pending further investigation this update reverts it
    - debian/patches/CVE-2021-3177.patch: was removed.

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 25 Feb 2021 11:00:40 -0300

Source diff to previous version
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applic

Version: 2.7.12-1ubuntu0~16.04.14 2021-02-25 14:06:17 UTC

  python2.7 (2.7.12-1ubuntu0~16.04.14) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2021-3177.patch: replace snprintf with Python unicode
      formatting in ctypes param reprs in Lib/ctypes/test/test_parameters.py,
      Modules/_ctypes/callproc.c.
    - CVE-2021-3177

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 01 Feb 2021 16:20:16 -0300

Source diff to previous version
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applic

Version: 2.7.12-1ubuntu0~16.04.13 2020-10-14 17:06:58 UTC

  python2.7 (2.7.12-1ubuntu0~16.04.13) xenial-security; urgency=medium

  * SECURITY UPDATE: CRLF injection
    - debian/patches/CVE-2020-26116.patch: prevent header injection
      in http methods in Lib/httplib.py, Lib/test/test_httlib.py.
    - CVE-2020-26116

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 05 Oct 2020 10:56:01 -0300

Source diff to previous version
CVE-2020-26116 http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker contro

Version: 2.7.12-1ubuntu0~16.04.12 2020-07-22 15:06:16 UTC

  python2.7 (2.7.12-1ubuntu0~16.04.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Misleading information
    - debian/patches/CVE-2019-17514.patch: explain that the orderness of the
      of the result is system-dependant in Doc/library/glob.rst.
    - CVE-2019-17514
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-9674.patch: add pitfalls to
      zipfile module doc in Doc/library/zipfile.rst,
      Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst.
    - CVE-2019-9674
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2019-20907.patch: avoid infinite loop in the
      tarfile module in Lib/tarfile.py, Lib/test/test_tarfile.py.
    - CVE-2019-20907

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 21 Jul 2020 12:19:50 -0300

CVE-2019-17514 library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrate
CVE-2019-9674 Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
CVE-2019-20907 In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, becaus



About   -   Send Feedback to @ubuntu_updates