python2.7 2.7.15-4ubuntu4~18.04.1 source package in Ubuntu

Changelog

python2.7 (2.7.15-4ubuntu4~18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

 -- Marc Deslauriers <email address hidden>  Tue, 09 Jul 2019 12:51:35 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
python2.7_2.7.15.orig.tar.gz 16.7 MiB 18617d1f15a380a919d517630a9cd85ce17ea602f9bbdc58ddc672df4b0239db
python2.7_2.7.15-4ubuntu4~18.04.1.diff.gz 542.4 KiB 57262f5d8281a7e41f7a9f3e0f3f000c4fe2b6de4c832dd0ee877794b05ade6b
python2.7_2.7.15-4ubuntu4~18.04.1.dsc 3.4 KiB 680399ad4fa59c5ab097f1546c159440d602df7bac2837208f4978a3a63ca979

Available diffs

View changes file

Binary packages built by this source

idle-python2.7: IDE for Python (v2.7) using Tkinter

 IDLE is an Integrated Development Environment for Python (v2.7).
 IDLE is written using Tkinter and therefore quite platform-independent.

libpython2.7: Shared Python runtime library (version 2.7)

 Python is a high-level, interactive, object-oriented language. Its 2.7 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains the shared runtime library, normally not needed
 for programs using the statically linked interpreter.

libpython2.7-dbg: Debug Build of the Python Interpreter (version 2.7)

 The package holds two things:
 .
 - Extensions for a Python interpreter configured with --pydebug.
 - Debug information for standard python extensions.
 .
 See the README.debug for more information.

libpython2.7-dev: Header files and a static library for Python (v2.7)

 Header files, a static library and development tools for building
 Python (v2.7) modules, extending the Python interpreter or embedding
 Python (v2.7) in applications.
 .
 Maintainers of Python packages should read README.maintainers.
 .
 This package contains development files. It is normally not
 used on it's own, but as a dependency of python2.7-dev.

libpython2.7-minimal: Minimal subset of the Python language (version 2.7)

 This package contains some essential modules. It is normally not
 used on it's own, but as a dependency of python2.7-minimal.

libpython2.7-stdlib: Interactive high-level object-oriented language (standard library, version 2.7)

 Python is a high-level, interactive, object-oriented language. Its 2.7 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains Python 2.7's standard library. It is normally not
 used on its own, but as a dependency of python2.7.

libpython2.7-testsuite: Testsuite for the Python standard library (v2.7)

 The complete testsuite for the Python standard library. Note that
 a subset is found in the libpython2.7-stdlib package, which should
 be enough for other packages to use (please do not build-depend
 on this package, but file a bug report to include additional
 testsuite files in the libpython2.7-stdlib package).

python2.7: Interactive high-level object-oriented language (version 2.7)

 Python is a high-level, interactive, object-oriented language. Its 2.7 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.

python2.7-dbg: Debug Build of the Python Interpreter (version 2.7)

 The package holds two things:
 .
 - A Python interpreter configured with --pydebug. Dynamically loaded modules
   are searched as <foo>_d.so first. Third party extensions need a separate
   build to be used by this interpreter.
 - Debug information for standard python interpreter and extensions.
 .
 See the README.debug for more information.

python2.7-dev: Header files and a static library for Python (v2.7)

 Header files, a static library and development tools for building
 Python (v2.7) modules, extending the Python interpreter or embedding
 Python (v2.7) in applications.
 .
 Maintainers of Python packages should read README.maintainers.

python2.7-doc: Documentation for the high-level object-oriented language Python (v2.7)

 These is the official set of documentation for the interactive high-level
 object-oriented language Python (v2.7). All documents are provided
 in HTML format. The package consists of ten documents:
 .
   * What's New in Python2.7
   * Tutorial
   * Python Library Reference
   * Macintosh Module Reference
   * Python Language Reference
   * Extending and Embedding Python
   * Python/C API Reference
   * Installing Python Modules
   * Documenting Python
   * Distributing Python Modules

python2.7-examples: Examples for the Python language (v2.7)

 Examples, Demos and Tools for Python (v2.7). These are files included in
 the upstream Python distribution (v2.7).

python2.7-minimal: Minimal subset of the Python language (version 2.7)

 This package contains the interpreter and some essential modules. It can
 be used in the boot process for some basic tasks.
 See /usr/share/doc/python2.7-minimal/README.Debian for a list of the modules
 contained in this package.