View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/python2.7
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/ubuntu/dsc 2019-09-09 17:26:32 UTC 2019-09-09
DSC file for 2.7.12-1ubuntu0~16.04.8

Author: Ubuntu Git Importer
Author Date: 2019-09-09 17:26:32 UTC

DSC file for 2.7.12-1ubuntu0~16.04.8

ubuntu/bionic-security 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-unapplied version 2.7.15-4ubuntu4~18.04.1 to ubuntu/bionic-sec...

Author: Marc Deslauriers
Author Date: 2019-07-09 16:51:35 UTC

Import patches-unapplied version 2.7.15-4ubuntu4~18.04.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 288d1729e31cbfe563125a8050cf31f015f5b6a6

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

applied/ubuntu/bionic-devel 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-applied version 2.7.15-4ubuntu4~18.04.1 to applied/ubuntu/bion...

Author: Marc Deslauriers
Author Date: 2019-07-09 16:51:35 UTC

Import patches-applied version 2.7.15-4ubuntu4~18.04.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 2cdc20379a1b86f3a67984f2e4f8dd5da88e6179
Unapplied parent: 9229aad532e71d0e3490b15bb7f4e1e9c26c7005

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

applied/ubuntu/bionic-security 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-applied version 2.7.15-4ubuntu4~18.04.1 to applied/ubuntu/bion...

Author: Marc Deslauriers
Author Date: 2019-07-09 16:51:35 UTC

Import patches-applied version 2.7.15-4ubuntu4~18.04.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 2cdc20379a1b86f3a67984f2e4f8dd5da88e6179
Unapplied parent: 9229aad532e71d0e3490b15bb7f4e1e9c26c7005

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

applied/ubuntu/bionic-updates 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-applied version 2.7.15-4ubuntu4~18.04.1 to applied/ubuntu/bion...

Author: Marc Deslauriers
Author Date: 2019-07-09 16:51:35 UTC

Import patches-applied version 2.7.15-4ubuntu4~18.04.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 2cdc20379a1b86f3a67984f2e4f8dd5da88e6179
Unapplied parent: 9229aad532e71d0e3490b15bb7f4e1e9c26c7005

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

applied/ubuntu/disco-devel 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-applied version 2.7.16-2ubuntu0.1 to applied/ubuntu/disco-secu...

Author: Marc Deslauriers
Author Date: 2019-07-09 16:43:02 UTC

Import patches-applied version 2.7.16-2ubuntu0.1 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: a1b8fa08e42cd35a9244286e896552f95f841b23
Unapplied parent: f3bed52a032cc934c64e3d18e0387703596aa403

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue36216-2.diff: only print test messages when verbose
    in Lib/test/test_urlparse.py.
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

applied/ubuntu/disco-security 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-applied version 2.7.16-2ubuntu0.1 to applied/ubuntu/disco-secu...

Author: Marc Deslauriers
Author Date: 2019-07-09 16:43:02 UTC

Import patches-applied version 2.7.16-2ubuntu0.1 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: a1b8fa08e42cd35a9244286e896552f95f841b23
Unapplied parent: f3bed52a032cc934c64e3d18e0387703596aa403

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue36216-2.diff: only print test messages when verbose
    in Lib/test/test_urlparse.py.
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

applied/ubuntu/disco-updates 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-applied version 2.7.16-2ubuntu0.1 to applied/ubuntu/disco-secu...

Author: Marc Deslauriers
Author Date: 2019-07-09 16:43:02 UTC

Import patches-applied version 2.7.16-2ubuntu0.1 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: a1b8fa08e42cd35a9244286e896552f95f841b23
Unapplied parent: f3bed52a032cc934c64e3d18e0387703596aa403

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue36216-2.diff: only print test messages when verbose
    in Lib/test/test_urlparse.py.
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

ubuntu/bionic-devel 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-unapplied version 2.7.15-4ubuntu4~18.04.1 to ubuntu/bionic-sec...

Author: Marc Deslauriers
Author Date: 2019-07-09 16:51:35 UTC

Import patches-unapplied version 2.7.15-4ubuntu4~18.04.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 288d1729e31cbfe563125a8050cf31f015f5b6a6

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

ubuntu/disco-updates 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-unapplied version 2.7.16-2ubuntu0.1 to ubuntu/disco-security

Author: Marc Deslauriers
Author Date: 2019-07-09 16:43:02 UTC

Import patches-unapplied version 2.7.16-2ubuntu0.1 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: bebc39ba3116a04a6aa8af99a3564921afd7bb74

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue36216-2.diff: only print test messages when verbose
    in Lib/test/test_urlparse.py.
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

ubuntu/disco-security 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-unapplied version 2.7.16-2ubuntu0.1 to ubuntu/disco-security

Author: Marc Deslauriers
Author Date: 2019-07-09 16:43:02 UTC

Import patches-unapplied version 2.7.16-2ubuntu0.1 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: bebc39ba3116a04a6aa8af99a3564921afd7bb74

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue36216-2.diff: only print test messages when verbose
    in Lib/test/test_urlparse.py.
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

ubuntu/disco-devel 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-unapplied version 2.7.16-2ubuntu0.1 to ubuntu/disco-security

Author: Marc Deslauriers
Author Date: 2019-07-09 16:43:02 UTC

Import patches-unapplied version 2.7.16-2ubuntu0.1 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: bebc39ba3116a04a6aa8af99a3564921afd7bb74

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue36216-2.diff: only print test messages when verbose
    in Lib/test/test_urlparse.py.
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

ubuntu/bionic-updates 2019-09-09 17:06:37 UTC 2019-09-09
Import patches-unapplied version 2.7.15-4ubuntu4~18.04.1 to ubuntu/bionic-sec...

Author: Marc Deslauriers
Author Date: 2019-07-09 16:51:35 UTC

Import patches-unapplied version 2.7.15-4ubuntu4~18.04.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 288d1729e31cbfe563125a8050cf31f015f5b6a6

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

importer/debian/dsc 2019-09-04 17:02:23 UTC 2019-09-04
DSC file for 2.7.16-4

Author: Ubuntu Git Importer
Author Date: 2019-09-04 17:02:23 UTC

DSC file for 2.7.16-4

applied/ubuntu/eoan-devel 2019-09-04 09:03:22 UTC 2019-09-04
Import patches-applied version 2.7.16-4 to applied/ubuntu/eoan-proposed

Author: Matthias Klose
Author Date: 2019-09-04 08:19:57 UTC

Import patches-applied version 2.7.16-4 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 7b633796360de2c7df10a5ed379841fde4a9a1ee
Unapplied parent: 3a2c8b0f1f47cc91646639bcb15d687ea6ec3d01

New changelog entries:
  * Update to 20190904 from the 2.7 branch.
  * Refresh patches.
  * Drop build dependency on python:any. Addresses: #937569.
  * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514.

applied/ubuntu/eoan-proposed 2019-09-04 09:03:22 UTC 2019-09-04
Import patches-applied version 2.7.16-4 to applied/ubuntu/eoan-proposed

Author: Matthias Klose
Author Date: 2019-09-04 08:19:57 UTC

Import patches-applied version 2.7.16-4 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 7b633796360de2c7df10a5ed379841fde4a9a1ee
Unapplied parent: 3a2c8b0f1f47cc91646639bcb15d687ea6ec3d01

New changelog entries:
  * Update to 20190904 from the 2.7 branch.
  * Refresh patches.
  * Drop build dependency on python:any. Addresses: #937569.
  * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514.

ubuntu/eoan-proposed 2019-09-04 09:03:22 UTC 2019-09-04
Import patches-unapplied version 2.7.16-4 to ubuntu/eoan-proposed

Author: Matthias Klose
Author Date: 2019-09-04 08:19:57 UTC

Import patches-unapplied version 2.7.16-4 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: bfd106541e23b7e5e975438b8dd02efea13083b2

New changelog entries:
  * Update to 20190904 from the 2.7 branch.
  * Refresh patches.
  * Drop build dependency on python:any. Addresses: #937569.
  * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514.

applied/debian/sid 2019-09-04 09:03:22 UTC 2019-09-04
Import patches-applied version 2.7.16-4 to applied/ubuntu/eoan-proposed

Author: Matthias Klose
Author Date: 2019-09-04 08:19:57 UTC

Import patches-applied version 2.7.16-4 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 7b633796360de2c7df10a5ed379841fde4a9a1ee
Unapplied parent: 3a2c8b0f1f47cc91646639bcb15d687ea6ec3d01

New changelog entries:
  * Update to 20190904 from the 2.7 branch.
  * Refresh patches.
  * Drop build dependency on python:any. Addresses: #937569.
  * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514.

applied/ubuntu/devel 2019-09-04 09:03:22 UTC 2019-09-04
Import patches-applied version 2.7.16-4 to applied/ubuntu/eoan-proposed

Author: Matthias Klose
Author Date: 2019-09-04 08:19:57 UTC

Import patches-applied version 2.7.16-4 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 7b633796360de2c7df10a5ed379841fde4a9a1ee
Unapplied parent: 3a2c8b0f1f47cc91646639bcb15d687ea6ec3d01

New changelog entries:
  * Update to 20190904 from the 2.7 branch.
  * Refresh patches.
  * Drop build dependency on python:any. Addresses: #937569.
  * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514.

ubuntu/eoan 2019-09-04 09:03:22 UTC 2019-09-04
Import patches-unapplied version 2.7.16-4 to ubuntu/eoan-proposed

Author: Matthias Klose
Author Date: 2019-09-04 08:19:57 UTC

Import patches-unapplied version 2.7.16-4 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: bfd106541e23b7e5e975438b8dd02efea13083b2

New changelog entries:
  * Update to 20190904 from the 2.7 branch.
  * Refresh patches.
  * Drop build dependency on python:any. Addresses: #937569.
  * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514.

debian/sid 2019-09-04 09:03:22 UTC 2019-09-04
Import patches-unapplied version 2.7.16-4 to ubuntu/eoan-proposed

Author: Matthias Klose
Author Date: 2019-09-04 08:19:57 UTC

Import patches-unapplied version 2.7.16-4 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: bfd106541e23b7e5e975438b8dd02efea13083b2

New changelog entries:
  * Update to 20190904 from the 2.7 branch.
  * Refresh patches.
  * Drop build dependency on python:any. Addresses: #937569.
  * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514.

ubuntu/eoan-devel 2019-09-04 09:03:22 UTC 2019-09-04
Import patches-unapplied version 2.7.16-4 to ubuntu/eoan-proposed

Author: Matthias Klose
Author Date: 2019-09-04 08:19:57 UTC

Import patches-unapplied version 2.7.16-4 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: bfd106541e23b7e5e975438b8dd02efea13083b2

New changelog entries:
  * Update to 20190904 from the 2.7 branch.
  * Refresh patches.
  * Drop build dependency on python:any. Addresses: #937569.
  * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514.

applied/ubuntu/eoan 2019-09-04 09:03:22 UTC 2019-09-04
Import patches-applied version 2.7.16-4 to applied/ubuntu/eoan-proposed

Author: Matthias Klose
Author Date: 2019-09-04 08:19:57 UTC

Import patches-applied version 2.7.16-4 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 7b633796360de2c7df10a5ed379841fde4a9a1ee
Unapplied parent: 3a2c8b0f1f47cc91646639bcb15d687ea6ec3d01

New changelog entries:
  * Update to 20190904 from the 2.7 branch.
  * Refresh patches.
  * Drop build dependency on python:any. Addresses: #937569.
  * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514.

ubuntu/devel 2019-09-04 09:03:22 UTC 2019-09-04
Import patches-unapplied version 2.7.16-4 to ubuntu/eoan-proposed

Author: Matthias Klose
Author Date: 2019-09-04 08:19:57 UTC

Import patches-unapplied version 2.7.16-4 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: bfd106541e23b7e5e975438b8dd02efea13083b2

New changelog entries:
  * Update to 20190904 from the 2.7 branch.
  * Refresh patches.
  * Drop build dependency on python:any. Addresses: #937569.
  * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514.

applied/ubuntu/xenial-devel 2019-08-22 16:36:40 UTC 2019-08-22
Import patches-applied version 2.7.12-1ubuntu0~16.04.8 to applied/ubuntu/xeni...

Author: Marc Deslauriers
Author Date: 2019-08-22 16:36:40 UTC

Import patches-applied version 2.7.12-1ubuntu0~16.04.8 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2230a3d045b04a5af491b07873a3eaa1d2c60004
Unapplied parent: 34ae73f68304d8b4fdfb2f3571675416aec05fc8

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/bpo30500.patch: simplify splithost by calling into
      urlparse in Lib/test/test_urllib.py, Lib/urllib.py.
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

applied/ubuntu/xenial-security 2019-08-22 16:36:40 UTC 2019-08-22
Import patches-applied version 2.7.12-1ubuntu0~16.04.8 to applied/ubuntu/xeni...

Author: Marc Deslauriers
Author Date: 2019-08-22 16:36:40 UTC

Import patches-applied version 2.7.12-1ubuntu0~16.04.8 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2230a3d045b04a5af491b07873a3eaa1d2c60004
Unapplied parent: 34ae73f68304d8b4fdfb2f3571675416aec05fc8

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/bpo30500.patch: simplify splithost by calling into
      urlparse in Lib/test/test_urllib.py, Lib/urllib.py.
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

ubuntu/xenial-devel 2019-08-22 16:36:40 UTC 2019-08-22
Import patches-unapplied version 2.7.12-1ubuntu0~16.04.8 to ubuntu/xenial-sec...

Author: Marc Deslauriers
Author Date: 2019-08-22 16:36:40 UTC

Import patches-unapplied version 2.7.12-1ubuntu0~16.04.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: a4a75629588529057d3b5f890791015bff09b629

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/bpo30500.patch: simplify splithost by calling into
      urlparse in Lib/test/test_urllib.py, Lib/urllib.py.
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

ubuntu/xenial-updates 2019-08-22 16:36:40 UTC 2019-08-22
Import patches-unapplied version 2.7.12-1ubuntu0~16.04.8 to ubuntu/xenial-sec...

Author: Marc Deslauriers
Author Date: 2019-08-22 16:36:40 UTC

Import patches-unapplied version 2.7.12-1ubuntu0~16.04.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: a4a75629588529057d3b5f890791015bff09b629

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/bpo30500.patch: simplify splithost by calling into
      urlparse in Lib/test/test_urllib.py, Lib/urllib.py.
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

ubuntu/xenial-security 2019-08-22 16:36:40 UTC 2019-08-22
Import patches-unapplied version 2.7.12-1ubuntu0~16.04.8 to ubuntu/xenial-sec...

Author: Marc Deslauriers
Author Date: 2019-08-22 16:36:40 UTC

Import patches-unapplied version 2.7.12-1ubuntu0~16.04.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: a4a75629588529057d3b5f890791015bff09b629

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/bpo30500.patch: simplify splithost by calling into
      urlparse in Lib/test/test_urllib.py, Lib/urllib.py.
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

applied/ubuntu/xenial-updates 2019-08-22 16:36:40 UTC 2019-08-22
Import patches-applied version 2.7.12-1ubuntu0~16.04.8 to applied/ubuntu/xeni...

Author: Marc Deslauriers
Author Date: 2019-08-22 16:36:40 UTC

Import patches-applied version 2.7.12-1ubuntu0~16.04.8 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2230a3d045b04a5af491b07873a3eaa1d2c60004
Unapplied parent: 34ae73f68304d8b4fdfb2f3571675416aec05fc8

New changelog entries:
  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/cookielib.py, Lib/test/test_cookielib.py.
    - CVE-2018-20852
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636-1.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urlparse.rst,
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-9636-2.patch: only print test messages when
      verbose in Lib/test/test_urlparse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/bpo30500.patch: simplify splithost by calling into
      urlparse in Lib/test/test_urllib.py, Lib/urllib.py.
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/httplib.py, Lib/test/test_urllib.py,
      Lib/test/test_urllib2.py, Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - debian/patches/CVE-2019-10160-3.patch: fix urlparse.urlsplit() error
      message for Unicode URL in Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

ubuntu/bionic-proposed 2019-04-23 18:58:12 UTC 2019-04-23
Import patches-unapplied version 2.7.15-4ubuntu4~18.04 to ubuntu/bionic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-11-27 23:36:35 UTC

Import patches-unapplied version 2.7.15-4ubuntu4~18.04 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 20968df9d13f01c5f74bdc90eacd858ed2f93c7c

New changelog entries:
  * Rebuild against OpenSSL 1.1.1. LP: #1797386
  * Update to 2.7.15 final.

applied/ubuntu/bionic-proposed 2019-04-23 18:58:12 UTC 2019-04-23
Import patches-applied version 2.7.15-4ubuntu4~18.04 to applied/ubuntu/bionic...

Author: Dimitri John Ledkov
Author Date: 2018-11-27 23:36:35 UTC

Import patches-applied version 2.7.15-4ubuntu4~18.04 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 732dec72869cc2a490718ccfe29fa5fafd3ff9b4
Unapplied parent: 288d1729e31cbfe563125a8050cf31f015f5b6a6

New changelog entries:
  * Rebuild against OpenSSL 1.1.1. LP: #1797386
  * Update to 2.7.15 final.

ubuntu/cosmic-devel 2019-04-11 20:08:12 UTC 2019-04-11
Import patches-unapplied version 2.7.16-2~18.10 to ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2019-04-09 04:50:39 UTC

Import patches-unapplied version 2.7.16-2~18.10 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: bebc39ba3116a04a6aa8af99a3564921afd7bb74

New changelog entries:
  * SRU: LP: #1822993.

applied/ubuntu/cosmic-devel 2019-04-11 20:08:12 UTC 2019-04-11
Import patches-applied version 2.7.16-2~18.10 to applied/ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2019-04-09 04:50:39 UTC

Import patches-applied version 2.7.16-2~18.10 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: a1b8fa08e42cd35a9244286e896552f95f841b23
Unapplied parent: b757ffeef910f6275be2b2a24f00b4eda0c0ff67

New changelog entries:
  * SRU: LP: #1822993.

applied/ubuntu/cosmic-proposed 2019-04-11 20:08:12 UTC 2019-04-11
Import patches-applied version 2.7.16-2~18.10 to applied/ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2019-04-09 04:50:39 UTC

Import patches-applied version 2.7.16-2~18.10 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: a1b8fa08e42cd35a9244286e896552f95f841b23
Unapplied parent: b757ffeef910f6275be2b2a24f00b4eda0c0ff67

New changelog entries:
  * SRU: LP: #1822993.

applied/ubuntu/cosmic-updates 2019-04-11 20:08:12 UTC 2019-04-11
Import patches-applied version 2.7.16-2~18.10 to applied/ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2019-04-09 04:50:39 UTC

Import patches-applied version 2.7.16-2~18.10 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: a1b8fa08e42cd35a9244286e896552f95f841b23
Unapplied parent: b757ffeef910f6275be2b2a24f00b4eda0c0ff67

New changelog entries:
  * SRU: LP: #1822993.

ubuntu/cosmic-updates 2019-04-11 20:08:12 UTC 2019-04-11
Import patches-unapplied version 2.7.16-2~18.10 to ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2019-04-09 04:50:39 UTC

Import patches-unapplied version 2.7.16-2~18.10 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: bebc39ba3116a04a6aa8af99a3564921afd7bb74

New changelog entries:
  * SRU: LP: #1822993.

ubuntu/cosmic-proposed 2019-04-11 20:08:12 UTC 2019-04-11
Import patches-unapplied version 2.7.16-2~18.10 to ubuntu/cosmic-proposed

Author: Matthias Klose
Author Date: 2019-04-09 04:50:39 UTC

Import patches-unapplied version 2.7.16-2~18.10 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: bebc39ba3116a04a6aa8af99a3564921afd7bb74

New changelog entries:
  * SRU: LP: #1822993.

ubuntu/disco 2019-04-06 01:58:11 UTC 2019-04-06
Import patches-unapplied version 2.7.16-2 to ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-04-06 01:42:57 UTC

Import patches-unapplied version 2.7.16-2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 82798bdab8ef8b7aba10a22ec0b4084a3ee7cb40

New changelog entries:
  [ Matthias Klose ]
  * CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
    normalize to separators. Closes: #924073.
  * CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema
    (file://).
  [ Dimitri John Ledkov ]
  * Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to
    1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one
    shouldn't mix and match python2.7 & libssl1.1. LP: #1808476

ubuntu/disco-proposed 2019-04-06 01:58:11 UTC 2019-04-06
Import patches-unapplied version 2.7.16-2 to ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-04-06 01:42:57 UTC

Import patches-unapplied version 2.7.16-2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 82798bdab8ef8b7aba10a22ec0b4084a3ee7cb40

New changelog entries:
  [ Matthias Klose ]
  * CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
    normalize to separators. Closes: #924073.
  * CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema
    (file://).
  [ Dimitri John Ledkov ]
  * Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to
    1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one
    shouldn't mix and match python2.7 & libssl1.1. LP: #1808476

debian/buster 2019-04-06 01:58:11 UTC 2019-04-06
Import patches-unapplied version 2.7.16-2 to ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-04-06 01:42:57 UTC

Import patches-unapplied version 2.7.16-2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 82798bdab8ef8b7aba10a22ec0b4084a3ee7cb40

New changelog entries:
  [ Matthias Klose ]
  * CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
    normalize to separators. Closes: #924073.
  * CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema
    (file://).
  [ Dimitri John Ledkov ]
  * Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to
    1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one
    shouldn't mix and match python2.7 & libssl1.1. LP: #1808476

applied/ubuntu/disco-proposed 2019-04-06 01:58:11 UTC 2019-04-06
Import patches-applied version 2.7.16-2 to applied/ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-04-06 01:42:57 UTC

Import patches-applied version 2.7.16-2 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 6d214af3ad089c5088d4e02241fc05b7452ba860
Unapplied parent: bebc39ba3116a04a6aa8af99a3564921afd7bb74

New changelog entries:
  [ Matthias Klose ]
  * CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
    normalize to separators. Closes: #924073.
  * CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema
    (file://).
  [ Dimitri John Ledkov ]
  * Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to
    1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one
    shouldn't mix and match python2.7 & libssl1.1. LP: #1808476

applied/ubuntu/disco 2019-04-06 01:58:11 UTC 2019-04-06
Import patches-applied version 2.7.16-2 to applied/ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-04-06 01:42:57 UTC

Import patches-applied version 2.7.16-2 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 6d214af3ad089c5088d4e02241fc05b7452ba860
Unapplied parent: bebc39ba3116a04a6aa8af99a3564921afd7bb74

New changelog entries:
  [ Matthias Klose ]
  * CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
    normalize to separators. Closes: #924073.
  * CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema
    (file://).
  [ Dimitri John Ledkov ]
  * Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to
    1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one
    shouldn't mix and match python2.7 & libssl1.1. LP: #1808476

applied/debian/buster 2019-04-06 01:58:11 UTC 2019-04-06
Import patches-applied version 2.7.16-2 to applied/ubuntu/disco-proposed

Author: Matthias Klose
Author Date: 2019-04-06 01:42:57 UTC

Import patches-applied version 2.7.16-2 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 6d214af3ad089c5088d4e02241fc05b7452ba860
Unapplied parent: bebc39ba3116a04a6aa8af99a3564921afd7bb74

New changelog entries:
  [ Matthias Klose ]
  * CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
    normalize to separators. Closes: #924073.
  * CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema
    (file://).
  [ Dimitri John Ledkov ]
  * Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to
    1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one
    shouldn't mix and match python2.7 & libssl1.1. LP: #1808476

ubuntu/trusty-devel 2018-11-13 15:28:15 UTC 2018-11-13
Import patches-unapplied version 2.7.6-8ubuntu0.5 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2018-11-12 16:49:11 UTC

Import patches-unapplied version 2.7.6-8ubuntu0.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2d213cad3e01a588088f9ddf1771fa008fccbd9d

New changelog entries:
  * SECURITY UPDATE: heap buffer overflow via race condition
    - debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating
      over a file on multiple threads in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple
      threads iterate over a file in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - CVE-2018-1000030
  * SECURITY UPDATE: command injection in shutil module
    - debian/patches/CVE-2018-1000802.patch: use subprocess rather than
      distutils.spawn in Lib/shutil.py.
    - CVE-2018-1000802
  * SECURITY UPDATE: DoS via catastrophic backtracking
    - debian/patches/CVE-2018-106x.patch: fix expressions in
      Lib/difflib.py, Lib/poplib.py. Added tests to
      Lib/test/test_difflib.py, Lib/test/test_poplib.py.
    - CVE-2018-1060
    - CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
    - debian/patches/CVE-2018-14647.patch: call SetHashSalt in
      Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
    - CVE-2018-14647

applied/ubuntu/trusty-devel 2018-11-13 15:28:15 UTC 2018-11-13
Import patches-applied version 2.7.6-8ubuntu0.5 to applied/ubuntu/trusty-secu...

Author: Marc Deslauriers
Author Date: 2018-11-12 16:49:11 UTC

Import patches-applied version 2.7.6-8ubuntu0.5 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a926ed3dfcd1932dbf8dc25ec431720c31ff779c
Unapplied parent: fba00f4b374e0d7fb75866f4bc57afaedd4167b2

New changelog entries:
  * SECURITY UPDATE: heap buffer overflow via race condition
    - debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating
      over a file on multiple threads in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple
      threads iterate over a file in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - CVE-2018-1000030
  * SECURITY UPDATE: command injection in shutil module
    - debian/patches/CVE-2018-1000802.patch: use subprocess rather than
      distutils.spawn in Lib/shutil.py.
    - CVE-2018-1000802
  * SECURITY UPDATE: DoS via catastrophic backtracking
    - debian/patches/CVE-2018-106x.patch: fix expressions in
      Lib/difflib.py, Lib/poplib.py. Added tests to
      Lib/test/test_difflib.py, Lib/test/test_poplib.py.
    - CVE-2018-1060
    - CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
    - debian/patches/CVE-2018-14647.patch: call SetHashSalt in
      Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
    - CVE-2018-14647

ubuntu/trusty-updates 2018-11-13 15:28:15 UTC 2018-11-13
Import patches-unapplied version 2.7.6-8ubuntu0.5 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2018-11-12 16:49:11 UTC

Import patches-unapplied version 2.7.6-8ubuntu0.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2d213cad3e01a588088f9ddf1771fa008fccbd9d

New changelog entries:
  * SECURITY UPDATE: heap buffer overflow via race condition
    - debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating
      over a file on multiple threads in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple
      threads iterate over a file in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - CVE-2018-1000030
  * SECURITY UPDATE: command injection in shutil module
    - debian/patches/CVE-2018-1000802.patch: use subprocess rather than
      distutils.spawn in Lib/shutil.py.
    - CVE-2018-1000802
  * SECURITY UPDATE: DoS via catastrophic backtracking
    - debian/patches/CVE-2018-106x.patch: fix expressions in
      Lib/difflib.py, Lib/poplib.py. Added tests to
      Lib/test/test_difflib.py, Lib/test/test_poplib.py.
    - CVE-2018-1060
    - CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
    - debian/patches/CVE-2018-14647.patch: call SetHashSalt in
      Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
    - CVE-2018-14647

applied/ubuntu/trusty-security 2018-11-13 15:28:15 UTC 2018-11-13
Import patches-applied version 2.7.6-8ubuntu0.5 to applied/ubuntu/trusty-secu...

Author: Marc Deslauriers
Author Date: 2018-11-12 16:49:11 UTC

Import patches-applied version 2.7.6-8ubuntu0.5 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a926ed3dfcd1932dbf8dc25ec431720c31ff779c
Unapplied parent: fba00f4b374e0d7fb75866f4bc57afaedd4167b2

New changelog entries:
  * SECURITY UPDATE: heap buffer overflow via race condition
    - debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating
      over a file on multiple threads in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple
      threads iterate over a file in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - CVE-2018-1000030
  * SECURITY UPDATE: command injection in shutil module
    - debian/patches/CVE-2018-1000802.patch: use subprocess rather than
      distutils.spawn in Lib/shutil.py.
    - CVE-2018-1000802
  * SECURITY UPDATE: DoS via catastrophic backtracking
    - debian/patches/CVE-2018-106x.patch: fix expressions in
      Lib/difflib.py, Lib/poplib.py. Added tests to
      Lib/test/test_difflib.py, Lib/test/test_poplib.py.
    - CVE-2018-1060
    - CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
    - debian/patches/CVE-2018-14647.patch: call SetHashSalt in
      Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
    - CVE-2018-14647

applied/ubuntu/trusty-updates 2018-11-13 15:28:15 UTC 2018-11-13
Import patches-applied version 2.7.6-8ubuntu0.5 to applied/ubuntu/trusty-secu...

Author: Marc Deslauriers
Author Date: 2018-11-12 16:49:11 UTC

Import patches-applied version 2.7.6-8ubuntu0.5 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a926ed3dfcd1932dbf8dc25ec431720c31ff779c
Unapplied parent: fba00f4b374e0d7fb75866f4bc57afaedd4167b2

New changelog entries:
  * SECURITY UPDATE: heap buffer overflow via race condition
    - debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating
      over a file on multiple threads in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple
      threads iterate over a file in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - CVE-2018-1000030
  * SECURITY UPDATE: command injection in shutil module
    - debian/patches/CVE-2018-1000802.patch: use subprocess rather than
      distutils.spawn in Lib/shutil.py.
    - CVE-2018-1000802
  * SECURITY UPDATE: DoS via catastrophic backtracking
    - debian/patches/CVE-2018-106x.patch: fix expressions in
      Lib/difflib.py, Lib/poplib.py. Added tests to
      Lib/test/test_difflib.py, Lib/test/test_poplib.py.
    - CVE-2018-1060
    - CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
    - debian/patches/CVE-2018-14647.patch: call SetHashSalt in
      Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
    - CVE-2018-14647

ubuntu/trusty-security 2018-11-13 15:28:15 UTC 2018-11-13
Import patches-unapplied version 2.7.6-8ubuntu0.5 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2018-11-12 16:49:11 UTC

Import patches-unapplied version 2.7.6-8ubuntu0.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2d213cad3e01a588088f9ddf1771fa008fccbd9d

New changelog entries:
  * SECURITY UPDATE: heap buffer overflow via race condition
    - debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating
      over a file on multiple threads in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple
      threads iterate over a file in Lib/test/test_file2k.py,
      Objects/fileobject.c.
    - CVE-2018-1000030
  * SECURITY UPDATE: command injection in shutil module
    - debian/patches/CVE-2018-1000802.patch: use subprocess rather than
      distutils.spawn in Lib/shutil.py.
    - CVE-2018-1000802
  * SECURITY UPDATE: DoS via catastrophic backtracking
    - debian/patches/CVE-2018-106x.patch: fix expressions in
      Lib/difflib.py, Lib/poplib.py. Added tests to
      Lib/test/test_difflib.py, Lib/test/test_poplib.py.
    - CVE-2018-1060
    - CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
    - debian/patches/CVE-2018-14647.patch: call SetHashSalt in
      Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
    - CVE-2018-14647

debian/stretch 2018-11-10 17:10:46 UTC 2018-11-10
Import patches-unapplied version 2.7.13-2+deb9u3 to debian/stretch

Author: Moritz Mühlenhoff
Author Date: 2018-09-26 18:42:22 UTC

Import patches-unapplied version 2.7.13-2+deb9u3 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: fb2b3c4a2f3186134a2ccf538ee12a3a3c255af3

New changelog entries:
  * CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647

applied/debian/stretch 2018-11-10 17:10:46 UTC 2018-11-10
Import patches-applied version 2.7.13-2+deb9u3 to applied/debian/stretch

Author: Moritz Mühlenhoff
Author Date: 2018-09-26 18:42:22 UTC

Import patches-applied version 2.7.13-2+deb9u3 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 012047150df5fc7eabb040368c35019113e90156
Unapplied parent: cf7a962743812b2f96f3dbc0a1126a719d6e3905

New changelog entries:
  * CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647

applied/ubuntu/cosmic 2018-10-02 23:38:17 UTC 2018-10-02
Import patches-applied version 2.7.15-4ubuntu4 to applied/ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-10-02 22:12:08 UTC

Import patches-applied version 2.7.15-4ubuntu4 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 78b5c2e4607ff954685ed950e48461d154b5ce59
Unapplied parent: 20968df9d13f01c5f74bdc90eacd858ed2f93c7c

New changelog entries:
  * Cherrypick in-progress backports to 2.7 branch from 3.6 branch to fix
    test_ssl assertions with openssl 1.1.1. Resolves autopkgtest failure
    of the 2.7 with openssl 1.1.1.

ubuntu/cosmic 2018-10-02 23:38:17 UTC 2018-10-02
Import patches-unapplied version 2.7.15-4ubuntu4 to ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-10-02 22:12:08 UTC

Import patches-unapplied version 2.7.15-4ubuntu4 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: a643efecb0039ef3ff0f1678857a487047d710ec

New changelog entries:
  * Cherrypick in-progress backports to 2.7 branch from 3.6 branch to fix
    test_ssl assertions with openssl 1.1.1. Resolves autopkgtest failure
    of the 2.7 with openssl 1.1.1.

ubuntu/bionic 2018-04-16 04:37:45 UTC 2018-04-16
Import patches-unapplied version 2.7.15~rc1-1 to debian/sid

Author: Matthias Klose
Author Date: 2018-04-15 21:51:34 UTC

Import patches-unapplied version 2.7.15~rc1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 563e1e90dd7c9fc43b1036e4aa4315d438839817

New changelog entries:
  * Python 2.7.15 release candidate 1.

applied/ubuntu/bionic 2018-04-16 04:37:45 UTC 2018-04-16
Import patches-applied version 2.7.15~rc1-1 to applied/debian/sid

Author: Matthias Klose
Author Date: 2018-04-15 21:51:34 UTC

Import patches-applied version 2.7.15~rc1-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 0513b46857395ec74cce2bb964a7d6836e08780e
Unapplied parent: 4aacec9c6971a8f270d322929f29075c67429025

New changelog entries:
  * Python 2.7.15 release candidate 1.

importer/ubuntu/pristine-tar 2018-03-09 02:29:04 UTC 2018-03-09
pristine-tar data for python2.7_2.7.14.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-09 02:29:04 UTC

pristine-tar data for python2.7_2.7.14.orig.tar.gz

importer/debian/pristine-tar 2018-03-08 23:52:02 UTC 2018-03-08
pristine-tar data for python2.7_2.7.14.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-08 23:52:02 UTC

pristine-tar data for python2.7_2.7.14.orig.tar.gz

applied/ubuntu/xenial-proposed 2017-12-04 17:09:18 UTC 2017-12-04
Import patches-applied version 2.7.12-1ubuntu0~16.04.3 to applied/ubuntu/xeni...

Author: Matthias Klose
Author Date: 2017-12-04 14:50:18 UTC

Import patches-applied version 2.7.12-1ubuntu0~16.04.3 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 2bf439f0a143e2825c22f0a95ab76f9c1b2e13fc
Unapplied parent: 025a1151d07425c03fdf2f921d35a7625f90da31

New changelog entries:
  * Some performance improvements: LP: #1638695.
    - Build the _math.o object file without -fPIC for static builds.
  * Rename md5_* functions to _Py_md5_*. Closes: #868366. LP: #1734109.
  * Explicitly use the system python for byte compilation in postinst scripts.
    LP: #1682934.
  * Fix issue #22636: Avoid shell injection problems with
    ctypes.util.find_library(). LP: #1512068.

ubuntu/xenial-proposed 2017-12-04 17:09:18 UTC 2017-12-04
Import patches-unapplied version 2.7.12-1ubuntu0~16.04.3 to ubuntu/xenial-pro...

Author: Matthias Klose
Author Date: 2017-12-04 14:50:18 UTC

Import patches-unapplied version 2.7.12-1ubuntu0~16.04.3 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 9f2db7380b852d9bc18e3a9d0506d39b056eaf23

New changelog entries:
  * Some performance improvements: LP: #1638695.
    - Build the _math.o object file without -fPIC for static builds.
  * Rename md5_* functions to _Py_md5_*. Closes: #868366. LP: #1734109.
  * Explicitly use the system python for byte compilation in postinst scripts.
    LP: #1682934.
  * Fix issue #22636: Avoid shell injection problems with
    ctypes.util.find_library(). LP: #1512068.

applied/ubuntu/zesty-devel 2017-12-04 16:14:13 UTC 2017-12-04
Import patches-applied version 2.7.13-2ubuntu0.2 to applied/ubuntu/zesty-prop...

Author: Matthias Klose
Author Date: 2017-12-04 14:53:22 UTC

Import patches-applied version 2.7.13-2ubuntu0.2 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 8ea8d125be6715f36cc746151a7b00cdfe91c7c7
Unapplied parent: 0866fe19176560f89a36d3614836e934036171f0

New changelog entries:
  * Some performance improvements: LP: #1638695.
    - Build the _math.o object file without -fPIC for static builds.
  * Rename md5_* functions to _Py_md5_*. Closes: #868366. LP: #1734109.
  * Explicitly use the system python for byte compilation in postinst scripts.
    LP: #1682934.

applied/ubuntu/zesty-proposed 2017-12-04 16:14:13 UTC 2017-12-04
Import patches-applied version 2.7.13-2ubuntu0.2 to applied/ubuntu/zesty-prop...

Author: Matthias Klose
Author Date: 2017-12-04 14:53:22 UTC

Import patches-applied version 2.7.13-2ubuntu0.2 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 8ea8d125be6715f36cc746151a7b00cdfe91c7c7
Unapplied parent: 0866fe19176560f89a36d3614836e934036171f0

New changelog entries:
  * Some performance improvements: LP: #1638695.
    - Build the _math.o object file without -fPIC for static builds.
  * Rename md5_* functions to _Py_md5_*. Closes: #868366. LP: #1734109.
  * Explicitly use the system python for byte compilation in postinst scripts.
    LP: #1682934.

ubuntu/zesty-proposed 2017-12-04 16:14:13 UTC 2017-12-04
Import patches-unapplied version 2.7.13-2ubuntu0.2 to ubuntu/zesty-proposed

Author: Matthias Klose
Author Date: 2017-12-04 14:53:22 UTC

Import patches-unapplied version 2.7.13-2ubuntu0.2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 43a1709ee6a03a7aac169bfbdb0c40ad3ca5b68c

New changelog entries:
  * Some performance improvements: LP: #1638695.
    - Build the _math.o object file without -fPIC for static builds.
  * Rename md5_* functions to _Py_md5_*. Closes: #868366. LP: #1734109.
  * Explicitly use the system python for byte compilation in postinst scripts.
    LP: #1682934.

ubuntu/zesty-devel 2017-12-04 16:14:13 UTC 2017-12-04
Import patches-unapplied version 2.7.13-2ubuntu0.2 to ubuntu/zesty-proposed

Author: Matthias Klose
Author Date: 2017-12-04 14:53:22 UTC

Import patches-unapplied version 2.7.13-2ubuntu0.2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 43a1709ee6a03a7aac169bfbdb0c40ad3ca5b68c

New changelog entries:
  * Some performance improvements: LP: #1638695.
    - Build the _math.o object file without -fPIC for static builds.
  * Rename md5_* functions to _Py_md5_*. Closes: #868366. LP: #1734109.
  * Explicitly use the system python for byte compilation in postinst scripts.
    LP: #1682934.

ubuntu/zesty-security 2017-11-28 16:13:35 UTC 2017-11-28
Import patches-unapplied version 2.7.13-2ubuntu0.1 to ubuntu/zesty-security

Author: Leonidas S. Barbosa
Author Date: 2017-11-23 15:37:09 UTC

Import patches-unapplied version 2.7.13-2ubuntu0.1 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: b5be79340d03c5dbc2af9692077912aae8d5c552

New changelog entries:
  * SECURITY UPDATE: integer overflow in the PyString_DecodeEscape
    function
    - debian/patches/CVE-2017-1000158.patch: fix this integer overflow
      in Objects/stringobject.c.
    - CVE-2017-1000158

ubuntu/zesty-updates 2017-11-28 16:13:35 UTC 2017-11-28
Import patches-unapplied version 2.7.13-2ubuntu0.1 to ubuntu/zesty-security

Author: Leonidas S. Barbosa
Author Date: 2017-11-23 15:37:09 UTC

Import patches-unapplied version 2.7.13-2ubuntu0.1 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: b5be79340d03c5dbc2af9692077912aae8d5c552

New changelog entries:
  * SECURITY UPDATE: integer overflow in the PyString_DecodeEscape
    function
    - debian/patches/CVE-2017-1000158.patch: fix this integer overflow
      in Objects/stringobject.c.
    - CVE-2017-1000158

applied/ubuntu/zesty-updates 2017-11-28 16:13:35 UTC 2017-11-28
Import patches-applied version 2.7.13-2ubuntu0.1 to applied/ubuntu/zesty-secu...

Author: Leonidas S. Barbosa
Author Date: 2017-11-23 15:37:09 UTC

Import patches-applied version 2.7.13-2ubuntu0.1 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: c08d542f356046c1fb66b284e72b962bc3d5374a
Unapplied parent: 43a1709ee6a03a7aac169bfbdb0c40ad3ca5b68c

New changelog entries:
  * SECURITY UPDATE: integer overflow in the PyString_DecodeEscape
    function
    - debian/patches/CVE-2017-1000158.patch: fix this integer overflow
      in Objects/stringobject.c.
    - CVE-2017-1000158

applied/ubuntu/zesty-security 2017-11-28 16:13:35 UTC 2017-11-28
Import patches-applied version 2.7.13-2ubuntu0.1 to applied/ubuntu/zesty-secu...

Author: Leonidas S. Barbosa
Author Date: 2017-11-23 15:37:09 UTC

Import patches-applied version 2.7.13-2ubuntu0.1 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: c08d542f356046c1fb66b284e72b962bc3d5374a
Unapplied parent: 43a1709ee6a03a7aac169bfbdb0c40ad3ca5b68c

New changelog entries:
  * SECURITY UPDATE: integer overflow in the PyString_DecodeEscape
    function
    - debian/patches/CVE-2017-1000158.patch: fix this integer overflow
      in Objects/stringobject.c.
    - CVE-2017-1000158

applied/ubuntu/artful-devel 2017-09-23 22:34:31 UTC 2017-09-23
Import patches-applied version 2.7.14-2ubuntu2 to applied/ubuntu/artful-proposed

Author: Matthias Klose
Author Date: 2017-09-23 22:06:14 UTC

Import patches-applied version 2.7.14-2ubuntu2 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 1991398e2534e74ff889d44f96584e9113c29bcd
Unapplied parent: 040fbbdfbafef16772675bc8fb28784760074880

New changelog entries:
  * Build with -fstack-protector instead of -fstack-protector-strong.
    Performance improvements of around 1-2% according to LP #1638695.

applied/ubuntu/artful 2017-09-23 22:34:31 UTC 2017-09-23
Import patches-applied version 2.7.14-2ubuntu2 to applied/ubuntu/artful-proposed

Author: Matthias Klose
Author Date: 2017-09-23 22:06:14 UTC

Import patches-applied version 2.7.14-2ubuntu2 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 1991398e2534e74ff889d44f96584e9113c29bcd
Unapplied parent: 040fbbdfbafef16772675bc8fb28784760074880

New changelog entries:
  * Build with -fstack-protector instead of -fstack-protector-strong.
    Performance improvements of around 1-2% according to LP #1638695.

ubuntu/artful 2017-09-23 22:34:31 UTC 2017-09-23
Import patches-unapplied version 2.7.14-2ubuntu2 to ubuntu/artful-proposed

Author: Matthias Klose
Author Date: 2017-09-23 22:06:14 UTC

Import patches-unapplied version 2.7.14-2ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 6a3d48637e79c2ef7c38206855e73ef572173019

New changelog entries:
  * Build with -fstack-protector instead of -fstack-protector-strong.
    Performance improvements of around 1-2% according to LP #1638695.

applied/ubuntu/artful-proposed 2017-09-23 22:34:31 UTC 2017-09-23
Import patches-applied version 2.7.14-2ubuntu2 to applied/ubuntu/artful-proposed

Author: Matthias Klose
Author Date: 2017-09-23 22:06:14 UTC

Import patches-applied version 2.7.14-2ubuntu2 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 1991398e2534e74ff889d44f96584e9113c29bcd
Unapplied parent: 040fbbdfbafef16772675bc8fb28784760074880

New changelog entries:
  * Build with -fstack-protector instead of -fstack-protector-strong.
    Performance improvements of around 1-2% according to LP #1638695.

ubuntu/artful-proposed 2017-09-23 22:34:31 UTC 2017-09-23
Import patches-unapplied version 2.7.14-2ubuntu2 to ubuntu/artful-proposed

Author: Matthias Klose
Author Date: 2017-09-23 22:06:14 UTC

Import patches-unapplied version 2.7.14-2ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 6a3d48637e79c2ef7c38206855e73ef572173019

New changelog entries:
  * Build with -fstack-protector instead of -fstack-protector-strong.
    Performance improvements of around 1-2% according to LP #1638695.

ubuntu/artful-devel 2017-09-23 22:34:31 UTC 2017-09-23
Import patches-unapplied version 2.7.14-2ubuntu2 to ubuntu/artful-proposed

Author: Matthias Klose
Author Date: 2017-09-23 22:06:14 UTC

Import patches-unapplied version 2.7.14-2ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 6a3d48637e79c2ef7c38206855e73ef572173019

New changelog entries:
  * Build with -fstack-protector instead of -fstack-protector-strong.
    Performance improvements of around 1-2% according to LP #1638695.

ubuntu/zesty 2017-01-19 22:26:02 UTC 2017-01-19
Import patches-unapplied version 2.7.13-2 to debian/sid

Author: Matthias Klose
Author Date: 2017-01-19 14:48:08 UTC

Import patches-unapplied version 2.7.13-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: aa917372088f740cfddb159ac11bc588b7812f97

New changelog entries:
  * Lower priority of interpreter packages to optional.

applied/ubuntu/zesty 2017-01-19 22:26:02 UTC 2017-01-19
Import patches-applied version 2.7.13-2 to applied/debian/sid

Author: Matthias Klose
Author Date: 2017-01-19 14:48:08 UTC

Import patches-applied version 2.7.13-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5525b410eee6de7c96541b4fe02a34b88a82134c
Unapplied parent: b5be79340d03c5dbc2af9692077912aae8d5c552

New changelog entries:
  * Lower priority of interpreter packages to optional.

ubuntu/precise-updates 2016-11-22 18:38:11 UTC 2016-11-22
Import patches-unapplied version 2.7.3-0ubuntu3.9 to ubuntu/precise-security

Author: Steve Beattie
Author Date: 2016-10-25 22:38:47 UTC

Import patches-unapplied version 2.7.3-0ubuntu3.9 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 056b0b01ddf16662f0101343a31efa8cc3804e2f

New changelog entries:
  * SECURITY UPDATE: StartTLS stripping attack
    - debian/patches/CVE-2016-0772.patch: raise an error when
      STARTTLS fails in Lib/smtplib.py.
    - CVE-2016-0772
  * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
    scripts (aka HTTPOXY attack)
    - debian/patches/CVE-2016-1000110-pre.patch: prefer lower_case
      proxy environment variables over UPPER_CASE or Mixed_Case ones.
    - debian/patches/CVE-2016-1000110.patch: if running as CGI
      script, forget HTTP_PROXY in Lib/urllib.py, add test to
      Lib/test/test_urllib.py, add documentation.
    - CVE-2016-1000110
  * SECURITY UPDATE: Integer overflow when handling zipfiles
    - debian/patches/CVE-2016-5636-pre.patch: check for negative size in
      Modules/zipimport.c
    - debian/patches/CVE-2016-5636.patch: check for too large value in
      Modules/zipimport.c
    - CVE-2016-5636
  * SECURITY UPDATE: CRLF injection vulnerability in the
    HTTPConnection.putheader
    - debian/patches/CVE-2016-5699.patch: disallow newlines in
      putheader() arguments when not followed by spaces or tabs in
      Lib/httplib.py, add tests in Lib/test/test_httplib.py
    - CVE-2016-5699

applied/ubuntu/precise-devel 2016-11-22 18:38:11 UTC 2016-11-22
Import patches-applied version 2.7.3-0ubuntu3.9 to applied/ubuntu/precise-sec...

Author: Steve Beattie
Author Date: 2016-10-25 22:38:47 UTC

Import patches-applied version 2.7.3-0ubuntu3.9 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 1792355e7f18922b3b40d4390692aa0efb4259f1
Unapplied parent: fd7c60e2a2edfaa9eede7840455c5716a285391c

New changelog entries:
  * SECURITY UPDATE: StartTLS stripping attack
    - debian/patches/CVE-2016-0772.patch: raise an error when
      STARTTLS fails in Lib/smtplib.py.
    - CVE-2016-0772
  * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
    scripts (aka HTTPOXY attack)
    - debian/patches/CVE-2016-1000110-pre.patch: prefer lower_case
      proxy environment variables over UPPER_CASE or Mixed_Case ones.
    - debian/patches/CVE-2016-1000110.patch: if running as CGI
      script, forget HTTP_PROXY in Lib/urllib.py, add test to
      Lib/test/test_urllib.py, add documentation.
    - CVE-2016-1000110
  * SECURITY UPDATE: Integer overflow when handling zipfiles
    - debian/patches/CVE-2016-5636-pre.patch: check for negative size in
      Modules/zipimport.c
    - debian/patches/CVE-2016-5636.patch: check for too large value in
      Modules/zipimport.c
    - CVE-2016-5636
  * SECURITY UPDATE: CRLF injection vulnerability in the
    HTTPConnection.putheader
    - debian/patches/CVE-2016-5699.patch: disallow newlines in
      putheader() arguments when not followed by spaces or tabs in
      Lib/httplib.py, add tests in Lib/test/test_httplib.py
    - CVE-2016-5699

applied/ubuntu/precise-security 2016-11-22 18:38:11 UTC 2016-11-22
Import patches-applied version 2.7.3-0ubuntu3.9 to applied/ubuntu/precise-sec...

Author: Steve Beattie
Author Date: 2016-10-25 22:38:47 UTC

Import patches-applied version 2.7.3-0ubuntu3.9 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 1792355e7f18922b3b40d4390692aa0efb4259f1
Unapplied parent: fd7c60e2a2edfaa9eede7840455c5716a285391c

New changelog entries:
  * SECURITY UPDATE: StartTLS stripping attack
    - debian/patches/CVE-2016-0772.patch: raise an error when
      STARTTLS fails in Lib/smtplib.py.
    - CVE-2016-0772
  * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
    scripts (aka HTTPOXY attack)
    - debian/patches/CVE-2016-1000110-pre.patch: prefer lower_case
      proxy environment variables over UPPER_CASE or Mixed_Case ones.
    - debian/patches/CVE-2016-1000110.patch: if running as CGI
      script, forget HTTP_PROXY in Lib/urllib.py, add test to
      Lib/test/test_urllib.py, add documentation.
    - CVE-2016-1000110
  * SECURITY UPDATE: Integer overflow when handling zipfiles
    - debian/patches/CVE-2016-5636-pre.patch: check for negative size in
      Modules/zipimport.c
    - debian/patches/CVE-2016-5636.patch: check for too large value in
      Modules/zipimport.c
    - CVE-2016-5636
  * SECURITY UPDATE: CRLF injection vulnerability in the
    HTTPConnection.putheader
    - debian/patches/CVE-2016-5699.patch: disallow newlines in
      putheader() arguments when not followed by spaces or tabs in
      Lib/httplib.py, add tests in Lib/test/test_httplib.py
    - CVE-2016-5699

applied/ubuntu/precise-updates 2016-11-22 18:38:11 UTC 2016-11-22
Import patches-applied version 2.7.3-0ubuntu3.9 to applied/ubuntu/precise-sec...

Author: Steve Beattie
Author Date: 2016-10-25 22:38:47 UTC

Import patches-applied version 2.7.3-0ubuntu3.9 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 1792355e7f18922b3b40d4390692aa0efb4259f1
Unapplied parent: fd7c60e2a2edfaa9eede7840455c5716a285391c

New changelog entries:
  * SECURITY UPDATE: StartTLS stripping attack
    - debian/patches/CVE-2016-0772.patch: raise an error when
      STARTTLS fails in Lib/smtplib.py.
    - CVE-2016-0772
  * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
    scripts (aka HTTPOXY attack)
    - debian/patches/CVE-2016-1000110-pre.patch: prefer lower_case
      proxy environment variables over UPPER_CASE or Mixed_Case ones.
    - debian/patches/CVE-2016-1000110.patch: if running as CGI
      script, forget HTTP_PROXY in Lib/urllib.py, add test to
      Lib/test/test_urllib.py, add documentation.
    - CVE-2016-1000110
  * SECURITY UPDATE: Integer overflow when handling zipfiles
    - debian/patches/CVE-2016-5636-pre.patch: check for negative size in
      Modules/zipimport.c
    - debian/patches/CVE-2016-5636.patch: check for too large value in
      Modules/zipimport.c
    - CVE-2016-5636
  * SECURITY UPDATE: CRLF injection vulnerability in the
    HTTPConnection.putheader
    - debian/patches/CVE-2016-5699.patch: disallow newlines in
      putheader() arguments when not followed by spaces or tabs in
      Lib/httplib.py, add tests in Lib/test/test_httplib.py
    - CVE-2016-5699

ubuntu/precise-devel 2016-11-22 18:38:11 UTC 2016-11-22
Import patches-unapplied version 2.7.3-0ubuntu3.9 to ubuntu/precise-security

Author: Steve Beattie
Author Date: 2016-10-25 22:38:47 UTC

Import patches-unapplied version 2.7.3-0ubuntu3.9 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 056b0b01ddf16662f0101343a31efa8cc3804e2f

New changelog entries:
  * SECURITY UPDATE: StartTLS stripping attack
    - debian/patches/CVE-2016-0772.patch: raise an error when
      STARTTLS fails in Lib/smtplib.py.
    - CVE-2016-0772
  * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
    scripts (aka HTTPOXY attack)
    - debian/patches/CVE-2016-1000110-pre.patch: prefer lower_case
      proxy environment variables over UPPER_CASE or Mixed_Case ones.
    - debian/patches/CVE-2016-1000110.patch: if running as CGI
      script, forget HTTP_PROXY in Lib/urllib.py, add test to
      Lib/test/test_urllib.py, add documentation.
    - CVE-2016-1000110
  * SECURITY UPDATE: Integer overflow when handling zipfiles
    - debian/patches/CVE-2016-5636-pre.patch: check for negative size in
      Modules/zipimport.c
    - debian/patches/CVE-2016-5636.patch: check for too large value in
      Modules/zipimport.c
    - CVE-2016-5636
  * SECURITY UPDATE: CRLF injection vulnerability in the
    HTTPConnection.putheader
    - debian/patches/CVE-2016-5699.patch: disallow newlines in
      putheader() arguments when not followed by spaces or tabs in
      Lib/httplib.py, add tests in Lib/test/test_httplib.py
    - CVE-2016-5699

ubuntu/precise-security 2016-11-22 18:38:11 UTC 2016-11-22
Import patches-unapplied version 2.7.3-0ubuntu3.9 to ubuntu/precise-security

Author: Steve Beattie
Author Date: 2016-10-25 22:38:47 UTC

Import patches-unapplied version 2.7.3-0ubuntu3.9 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 056b0b01ddf16662f0101343a31efa8cc3804e2f

New changelog entries:
  * SECURITY UPDATE: StartTLS stripping attack
    - debian/patches/CVE-2016-0772.patch: raise an error when
      STARTTLS fails in Lib/smtplib.py.
    - CVE-2016-0772
  * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
    scripts (aka HTTPOXY attack)
    - debian/patches/CVE-2016-1000110-pre.patch: prefer lower_case
      proxy environment variables over UPPER_CASE or Mixed_Case ones.
    - debian/patches/CVE-2016-1000110.patch: if running as CGI
      script, forget HTTP_PROXY in Lib/urllib.py, add test to
      Lib/test/test_urllib.py, add documentation.
    - CVE-2016-1000110
  * SECURITY UPDATE: Integer overflow when handling zipfiles
    - debian/patches/CVE-2016-5636-pre.patch: check for negative size in
      Modules/zipimport.c
    - debian/patches/CVE-2016-5636.patch: check for too large value in
      Modules/zipimport.c
    - CVE-2016-5636
  * SECURITY UPDATE: CRLF injection vulnerability in the
    HTTPConnection.putheader
    - debian/patches/CVE-2016-5699.patch: disallow newlines in
      putheader() arguments when not followed by spaces or tabs in
      Lib/httplib.py, add tests in Lib/test/test_httplib.py
    - CVE-2016-5699

debian/jessie 2016-09-17 17:31:19 UTC 2016-09-17
Import patches-unapplied version 2.7.9-2+deb8u1 to debian/jessie

Author: Moritz Mühlenhoff
Author Date: 2016-06-28 22:02:23 UTC

Import patches-unapplied version 2.7.9-2+deb8u1 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 18b02ff4e95e9a6fe28b034ab04cf19117ac7945

New changelog entries:
  * Backport upstream commit b3ce713fb9beebfff9848cefa0acbd59acc68fe9
    to address StartTLS stripping attack in smtplib (CVE-2016-0772)
  * Backport upstream commit 985fc64c60d6adffd1138b6cc46df388ca91ca5d
    to address integer overflow in zipimporter (CVE-2016-5636)
  * Backport upstream commit 1c45047c51020d46246385949d5c02e026d47320
    to address HTTP header injection (CVE-2016-5699)

applied/debian/jessie 2016-09-17 17:31:19 UTC 2016-09-17
Import patches-applied version 2.7.9-2+deb8u1 to applied/debian/jessie

Author: Moritz Mühlenhoff
Author Date: 2016-06-28 22:02:23 UTC

Import patches-applied version 2.7.9-2+deb8u1 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: c30eaaf8e6e88819f960d626100bafabf428e527
Unapplied parent: edc0401d4e9e994135ca601148a7a1ebca9e8019

New changelog entries:
  * Backport upstream commit b3ce713fb9beebfff9848cefa0acbd59acc68fe9
    to address StartTLS stripping attack in smtplib (CVE-2016-0772)
  * Backport upstream commit 985fc64c60d6adffd1138b6cc46df388ca91ca5d
    to address integer overflow in zipimporter (CVE-2016-5636)
  * Backport upstream commit 1c45047c51020d46246385949d5c02e026d47320
    to address HTTP header injection (CVE-2016-5699)

ubuntu/yakkety-devel 2016-09-17 13:20:01 UTC 2016-09-17
Import patches-unapplied version 2.7.12-3build1 to ubuntu/yakkety-proposed

Author: Matthias Klose
Author Date: 2016-09-17 12:08:02 UTC

Import patches-unapplied version 2.7.12-3build1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 070e2d8c067e290f2cd7c222627ec32f83478621

New changelog entries:
  * No-change rebuild for readline soname change.

applied/ubuntu/yakkety 2016-09-17 13:20:01 UTC 2016-09-17
Import patches-applied version 2.7.12-3build1 to applied/ubuntu/yakkety-proposed

Author: Matthias Klose
Author Date: 2016-09-17 12:08:02 UTC

Import patches-applied version 2.7.12-3build1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 174f74c78b544c4c58db256e0735452c3b0f1ced
Unapplied parent: f0439a8bc26c30f05054d7d2abe73b45bc35957b

New changelog entries:
  * No-change rebuild for readline soname change.

ubuntu/yakkety-proposed 2016-09-17 13:20:01 UTC 2016-09-17
Import patches-unapplied version 2.7.12-3build1 to ubuntu/yakkety-proposed

Author: Matthias Klose
Author Date: 2016-09-17 12:08:02 UTC

Import patches-unapplied version 2.7.12-3build1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 070e2d8c067e290f2cd7c222627ec32f83478621

New changelog entries:
  * No-change rebuild for readline soname change.

ubuntu/yakkety 2016-09-17 13:20:01 UTC 2016-09-17
Import patches-unapplied version 2.7.12-3build1 to ubuntu/yakkety-proposed

Author: Matthias Klose
Author Date: 2016-09-17 12:08:02 UTC

Import patches-unapplied version 2.7.12-3build1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 070e2d8c067e290f2cd7c222627ec32f83478621

New changelog entries:
  * No-change rebuild for readline soname change.

applied/ubuntu/yakkety-proposed 2016-09-17 13:20:01 UTC 2016-09-17
Import patches-applied version 2.7.12-3build1 to applied/ubuntu/yakkety-proposed

Author: Matthias Klose
Author Date: 2016-09-17 12:08:02 UTC

Import patches-applied version 2.7.12-3build1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 174f74c78b544c4c58db256e0735452c3b0f1ced
Unapplied parent: f0439a8bc26c30f05054d7d2abe73b45bc35957b

New changelog entries:
  * No-change rebuild for readline soname change.

applied/ubuntu/yakkety-devel 2016-09-17 13:20:01 UTC 2016-09-17
Import patches-applied version 2.7.12-3build1 to applied/ubuntu/yakkety-proposed

Author: Matthias Klose
Author Date: 2016-09-17 12:08:02 UTC

Import patches-applied version 2.7.12-3build1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 174f74c78b544c4c58db256e0735452c3b0f1ced
Unapplied parent: f0439a8bc26c30f05054d7d2abe73b45bc35957b

New changelog entries:
  * No-change rebuild for readline soname change.

ubuntu/xenial 2016-04-17 15:48:56 UTC 2016-04-17
Import patches-unapplied version 2.7.11-7ubuntu1 to ubuntu/xenial-proposed

Author: Matthias Klose
Author Date: 2016-04-17 14:00:29 UTC

Import patches-unapplied version 2.7.11-7ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 977c8d3cb0054f13ddfd4b4d6008b081038b7881

New changelog entries:
  * Fix gdb auto-load symlink for the python2.7 binary. LP: #1571198.

applied/ubuntu/xenial 2016-04-17 15:48:56 UTC 2016-04-17
Import patches-applied version 2.7.11-7ubuntu1 to applied/ubuntu/xenial-proposed

Author: Matthias Klose
Author Date: 2016-04-17 14:00:29 UTC

Import patches-applied version 2.7.11-7ubuntu1 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 861f49bf3915228f2534e53f25ab34a764071d17
Unapplied parent: f489fe328da7681f670b1a47294ea2fbf141f203

New changelog entries:
  * Fix gdb auto-load symlink for the python2.7 binary. LP: #1571198.

ubuntu/wily-proposed 2015-10-14 16:54:27 UTC 2015-10-14
Import patches-unapplied version 2.7.10-4ubuntu1 to ubuntu/wily-proposed

Author: Matthias Klose
Author Date: 2015-10-14 16:09:02 UTC

Import patches-unapplied version 2.7.10-4ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 5377a9d391b385d62899b4106e0885785e61b134

New changelog entries:
  * Remove /etc/python2.7/cert-verification.conf, to be introduced in a
    Python 2.7 SRU for 14.04 LTS.

ubuntu/wily 2015-10-14 16:54:27 UTC 2015-10-14
Import patches-unapplied version 2.7.10-4ubuntu1 to ubuntu/wily-proposed

Author: Matthias Klose
Author Date: 2015-10-14 16:09:02 UTC

Import patches-unapplied version 2.7.10-4ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 5377a9d391b385d62899b4106e0885785e61b134

New changelog entries:
  * Remove /etc/python2.7/cert-verification.conf, to be introduced in a
    Python 2.7 SRU for 14.04 LTS.

applied/ubuntu/wily-devel 2015-10-14 16:54:27 UTC 2015-10-14
Import patches-applied version 2.7.10-4ubuntu1 to applied/ubuntu/wily-proposed

Author: Matthias Klose
Author Date: 2015-10-14 16:09:02 UTC

Import patches-applied version 2.7.10-4ubuntu1 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: e047ed3dd484b15bfb1434641f6e9e3b784eb74f
Unapplied parent: 9f6f3c9ff6c04d60ffbd21c6762ad6e951db02f0

New changelog entries:
  * Remove /etc/python2.7/cert-verification.conf, to be introduced in a
    Python 2.7 SRU for 14.04 LTS.

applied/ubuntu/wily 2015-10-14 16:54:27 UTC 2015-10-14
Import patches-applied version 2.7.10-4ubuntu1 to applied/ubuntu/wily-proposed

Author: Matthias Klose
Author Date: 2015-10-14 16:09:02 UTC

Import patches-applied version 2.7.10-4ubuntu1 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: e047ed3dd484b15bfb1434641f6e9e3b784eb74f
Unapplied parent: 9f6f3c9ff6c04d60ffbd21c6762ad6e951db02f0

New changelog entries:
  * Remove /etc/python2.7/cert-verification.conf, to be introduced in a
    Python 2.7 SRU for 14.04 LTS.

applied/ubuntu/wily-proposed 2015-10-14 16:54:27 UTC 2015-10-14
Import patches-applied version 2.7.10-4ubuntu1 to applied/ubuntu/wily-proposed

Author: Matthias Klose
Author Date: 2015-10-14 16:09:02 UTC

Import patches-applied version 2.7.10-4ubuntu1 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: e047ed3dd484b15bfb1434641f6e9e3b784eb74f
Unapplied parent: 9f6f3c9ff6c04d60ffbd21c6762ad6e951db02f0

New changelog entries:
  * Remove /etc/python2.7/cert-verification.conf, to be introduced in a
    Python 2.7 SRU for 14.04 LTS.

ubuntu/wily-devel 2015-10-14 16:54:27 UTC 2015-10-14
Import patches-unapplied version 2.7.10-4ubuntu1 to ubuntu/wily-proposed

Author: Matthias Klose
Author Date: 2015-10-14 16:09:02 UTC

Import patches-unapplied version 2.7.10-4ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 5377a9d391b385d62899b4106e0885785e61b134

New changelog entries:
  * Remove /etc/python2.7/cert-verification.conf, to be introduced in a
    Python 2.7 SRU for 14.04 LTS.

applied/ubuntu/utopic-security 2015-06-25 11:43:40 UTC 2015-06-25
Import patches-applied version 2.7.8-10ubuntu1.1 to applied/ubuntu/utopic-sec...

Author: Marc Deslauriers
Author Date: 2015-06-18 13:25:31 UTC

Import patches-applied version 2.7.8-10ubuntu1.1 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: f629513dba0ea614a45cefc631c8480ddd013327
Unapplied parent: bd24237e3d7a6d4e243e0dce1cd56aaae79f1619

New changelog entries:
  * SECURITY UPDATE: denial of service in multiple servers
    - debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length
      in Lib/poplib.py, added test to Lib/test/test_poplib.py.
    - debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from
      the network in Lib/smtplib.py, added test to
      Lib/test/test_smtplib.py.
    - CVE-2013-1752
  * SECURITY UPDATE: denial of service via xmlrpc gzip-compressed
    HTTP bodies
    - debian/patches/CVE-2013-1753.patch: add default limit in
      Lib/xmlrpclib.py, added test to Lib/test/test_xmlrpc.py.
    - CVE-2013-1753
  * debian/patches/fix_ssl_test_dh.patch: replace 512 bit dh key with a
    2014 bit one to fix test failure with OpenSSL security update.

applied/ubuntu/utopic-updates 2015-06-25 11:43:40 UTC 2015-06-25
Import patches-applied version 2.7.8-10ubuntu1.1 to applied/ubuntu/utopic-sec...

Author: Marc Deslauriers
Author Date: 2015-06-18 13:25:31 UTC

Import patches-applied version 2.7.8-10ubuntu1.1 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: f629513dba0ea614a45cefc631c8480ddd013327
Unapplied parent: bd24237e3d7a6d4e243e0dce1cd56aaae79f1619

New changelog entries:
  * SECURITY UPDATE: denial of service in multiple servers
    - debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length
      in Lib/poplib.py, added test to Lib/test/test_poplib.py.
    - debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from
      the network in Lib/smtplib.py, added test to
      Lib/test/test_smtplib.py.
    - CVE-2013-1752
  * SECURITY UPDATE: denial of service via xmlrpc gzip-compressed
    HTTP bodies
    - debian/patches/CVE-2013-1753.patch: add default limit in
      Lib/xmlrpclib.py, added test to Lib/test/test_xmlrpc.py.
    - CVE-2013-1753
  * debian/patches/fix_ssl_test_dh.patch: replace 512 bit dh key with a
    2014 bit one to fix test failure with OpenSSL security update.

1100 of 178 results

Other repositories

Name Last Modified
lp:ubuntu/+source/python2.7 2019-09-09
11 of 1 result
You can't create new repositories for python2.7 in Ubuntu.