Package "libpython2.7-minimal"
Name: |
libpython2.7-minimal
|
Description: |
Minimal subset of the Python language (version 2.7)
|
Latest version: |
2.7.12-1ubuntu0~16.04.18 |
Release: |
xenial (16.04) |
Level: |
updates |
Repository: |
main |
Head package: |
python2.7 |
Links
Download "libpython2.7-minimal"
Other versions of "libpython2.7-minimal" in Xenial
Changelog
python2.7 (2.7.12-1ubuntu0~16.04.11) xenial-security; urgency=medium
* SECURITY UPDATE: CRLF injection
- debian/patches/CVE-2019-18348.patch: disallow control characters
in hostnames in http.client in Lib/httplib.py, Lib/test/test_urllib2.py.
- CVE-2019-18348
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-8492.patch: fix the regex to prevent
the regex denial of service in Lib/urllib2.py.
- CVE-2020-8492
-- <email address hidden> (Leonidas S. Barbosa) Wed, 15 Apr 2020 14:07:12 -0300
|
Source diff to previous version |
CVE-2019-18348 |
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker co |
CVE-2020-8492 |
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular E |
|
python2.7 (2.7.12-1ubuntu0~16.04.9) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect email address parsing
- debian/patches/CVE-2019-16056.patch: don't parse domains containing @
in Lib/email/_parseaddr.py, Lib/test/test_email/test_email.py.
- CVE-2019-16056
* SECURITY UPDATE: XSS in documentation XML-RPC server
- debian/patches/CVE-2019-16935.patch: escape the server_title in
Lib/DocXMLRPCServer.py, Lib/test/test_docxmlrpc.py.
- CVE-2019-16935
* debian/patches/avoid_test_docxmlrpc_race.patch: avoid race in
test_docxmlrpc server setup in Lib/test/test_docxmlrpc.py.
-- Marc Deslauriers <email address hidden> Tue, 08 Oct 2019 10:14:10 -0400
|
Source diff to previous version |
CVE-2019-16056 |
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses em |
CVE-2019-16935 |
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs |
|
python2.7 (2.7.12-1ubuntu0~16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow via race condition
- debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating
over a file on multiple threads in Lib/test/test_file2k.py,
Objects/fileobject.c.
- debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple
threads iterate over a file in Lib/test/test_file2k.py,
Objects/fileobject.c.
- CVE-2018-1000030
* SECURITY UPDATE: command injection in shutil module
- debian/patches/CVE-2018-1000802.patch: use subprocess rather than
distutils.spawn in Lib/shutil.py.
- CVE-2018-1000802
* SECURITY UPDATE: DoS via catastrophic backtracking
- debian/patches/CVE-2018-106x.patch: fix expressions in
Lib/difflib.py, Lib/poplib.py. Added tests to
Lib/test/test_difflib.py, Lib/test/test_poplib.py.
- CVE-2018-1060
- CVE-2018-1061
* SECURITY UPDATE: incorrect Expat hash salt initialization
- debian/patches/CVE-2018-14647.patch: call SetHashSalt in
Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
- CVE-2018-14647
-- Marc Deslauriers <email address hidden> Mon, 12 Nov 2018 09:36:49 -0500
|
Source diff to previous version |
CVE-2018-1000030 |
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it |
CVE-2018-1000802 |
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command In |
CVE-2018-1060 |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacke |
CVE-2018-1061 |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An |
CVE-2018-14647 |
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service |
|
python2.7 (2.7.12-1ubuntu0~16.04.3) xenial-proposed; urgency=medium
* Some performance improvements: LP: #1638695.
- Build the _math.o object file without -fPIC for static builds.
* Rename md5_* functions to _Py_md5_*. Closes: #868366. LP: #1734109.
* Explicitly use the system python for byte compilation in postinst scripts.
LP: #1682934.
* Fix issue #22636: Avoid shell injection problems with
ctypes.util.find_library(). LP: #1512068.
-- Matthias Klose <email address hidden> Mon, 04 Dec 2017 15:50:18 +0100
|
1638695 |
Python 2.7.12 performance regression |
1734109 |
Avoid symbol conflicts with `md5_*' symbols in third party extensions |
1682934 |
python3 in /usr/local/bin can cause python3 packages to fail to install |
1512068 |
Python ctypes.util , Shell Injection in find_library() |
868366 |
python2.7: Exports `md5_init', causing conflicts with extension modules - Debian Bug report logs |
|
About
-
Send Feedback to @ubuntu_updates