Branches for Precise

Name Status Last Modified Last Commit
lp:ubuntu/precise-proposed/python2.7 bug 2 Mature 2014-12-18 19:11:49 UTC 2014-12-18
61. * Ensure failed connections to /dev/l...

Author: James Page
Revision Date: 2014-12-18 12:05:28 UTC

* Ensure failed connections to /dev/log are full closed, preventing
  infinite loop on logging applications due to socket state (LP: #1081022):
  - d/p/syslog.diff: Cherry picked fix from upstream bugtracker.

lp:ubuntu/precise-security/python2.7 2 Mature 2015-06-22 10:55:41 UTC 2015-06-22
60. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-06-22 10:55:41 UTC

* SECURITY UPDATE: denial of service in multiple servers
  - debian/patches/CVE-2013-1752-ftplib.patch: limit amount of data read
    in Lib/ftplib.py, added test to Lib/test/test_ftplib.py.
  - debian/patches/CVE-2013-1752-httplib-1.patch: limit long lines in
    Lib/httplib.py.
  - debian/patches/CVE-2013-1752-httplib-2.patch: limit amount of headers
    in Lib/httplib.py, added test to Lib/test/test_httplib.py.
  - debian/patches/CVE-2013-1752-imaplib-1.patch: limit line length in
    Lib/imaplib.py, added test to Lib/test/test_imaplib.py.
  - debian/patches/CVE-2013-1752-imaplib-2.patch: disable broken test in
    Lib/test/test_imaplib.py.
  - debian/patches/CVE-2013-1752-nntplib.patch: limit line length in
    Lib/nntplib.py, added test to Lib/test/test_nntplib.py.
  - debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length
    in Lib/poplib.py, added test to Lib/test/test_poplib.py.
  - debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from
    the network in Lib/smtplib.py, added test to
    Lib/test/test_smtplib.py.
  - CVE-2013-1752
* SECURITY UPDATE: denial of service via xmlrpc gzip-compressed
  HTTP bodies
  - debian/patches/CVE-2013-1753.patch: add default limit in
    Lib/xmlrpclib.py, added test to Lib/test/test_xmlrpc.py.
  - CVE-2013-1753
* SECURITY UPDATE: arbitrary memory read via idx argument
  - debian/patches/CVE-2014-4616.patch: reject negative idx values in
    Modules/_json.c, added test to Lib/json/tests/test_decode.py.
  - CVE-2014-4616
* SECURITY UPDATE: code execution or file disclosure via CGIHTTPServer
  - debian/patches/CVE-2014-4650.patch: url unquote path in
    Lib/CGIHTTPServer.py, added test to Lib/test/test_httpservers.py.
  - CVE-2014-4650
* SECURITY UPDATE: information disclosure via buffer function
  - debian/patches/CVE-2014-7185.patch: avoid overflow in
    Objects/bufferobject.c, added test to Lib/test/test_buffer.py.
  - CVE-2014-7185

lp:ubuntu/precise-updates/python2.7 2 Mature 2015-06-22 10:55:41 UTC 2015-06-22
60. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-06-22 10:55:41 UTC

* SECURITY UPDATE: denial of service in multiple servers
  - debian/patches/CVE-2013-1752-ftplib.patch: limit amount of data read
    in Lib/ftplib.py, added test to Lib/test/test_ftplib.py.
  - debian/patches/CVE-2013-1752-httplib-1.patch: limit long lines in
    Lib/httplib.py.
  - debian/patches/CVE-2013-1752-httplib-2.patch: limit amount of headers
    in Lib/httplib.py, added test to Lib/test/test_httplib.py.
  - debian/patches/CVE-2013-1752-imaplib-1.patch: limit line length in
    Lib/imaplib.py, added test to Lib/test/test_imaplib.py.
  - debian/patches/CVE-2013-1752-imaplib-2.patch: disable broken test in
    Lib/test/test_imaplib.py.
  - debian/patches/CVE-2013-1752-nntplib.patch: limit line length in
    Lib/nntplib.py, added test to Lib/test/test_nntplib.py.
  - debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length
    in Lib/poplib.py, added test to Lib/test/test_poplib.py.
  - debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from
    the network in Lib/smtplib.py, added test to
    Lib/test/test_smtplib.py.
  - CVE-2013-1752
* SECURITY UPDATE: denial of service via xmlrpc gzip-compressed
  HTTP bodies
  - debian/patches/CVE-2013-1753.patch: add default limit in
    Lib/xmlrpclib.py, added test to Lib/test/test_xmlrpc.py.
  - CVE-2013-1753
* SECURITY UPDATE: arbitrary memory read via idx argument
  - debian/patches/CVE-2014-4616.patch: reject negative idx values in
    Modules/_json.c, added test to Lib/json/tests/test_decode.py.
  - CVE-2014-4616
* SECURITY UPDATE: code execution or file disclosure via CGIHTTPServer
  - debian/patches/CVE-2014-4650.patch: url unquote path in
    Lib/CGIHTTPServer.py, added test to Lib/test/test_httpservers.py.
  - CVE-2014-4650
* SECURITY UPDATE: information disclosure via buffer function
  - debian/patches/CVE-2014-7185.patch: avoid overflow in
    Objects/bufferobject.c, added test to Lib/test/test_buffer.py.
  - CVE-2014-7185

lp:ubuntu/precise/python2.7 bug 1 Development 2012-04-20 14:19:23 UTC 2012-04-20
57. * python2.7-minimal needs a versioned...

Author: Steve Langasek
Revision Date: 2012-04-20 14:19:23 UTC

* python2.7-minimal needs a versioned depends on python-minimal, not a
  Conflicts. Conflicts with essential packages, versioned or otherwise,
  are a serious problem for upgrades, as the previous upload demonstrated.
  Instead, we allow a circular dependency between python2.7-minimal and
  python-minimal, and rely on the fact that the package manager ensures
  new versions of both packages will be unpacked before running the
  maintainer script from python2.7-minimal. LP: #986374.
* Our versioned dependency on python-minimal is 2.6.6-3+squeeze1, which is
  the first version shipping a pycompile that supports passing a -V option
  referring to a version python-minimal doesn't already know about.

14 of 4 results