Branches for Trusty

Name Status Last Modified Last Commit
lp:ubuntu/trusty/python2.7 2 Mature 2014-03-22 14:31:54 UTC 2014-03-22
105. * Update to 20140322, taken from the ...

Author: Matthias Klose
Revision Date: 2014-03-22 14:31:54 UTC

* Update to 20140322, taken from the 2.7 branch.
* Install updated idle icons. LP: #1295969.
* Update the ssl.match_hostname backport: Change behavior of
  ``ssl.match_hostname()`` to follow RFC 6125, for security reasons.
  It now doesn't match multiple wildcards nor wildcards inside IDN fragments.
  Closes: #740255.

lp:ubuntu/trusty-security/python2.7 2 Mature 2015-06-25 12:28:11 UTC 2015-06-25
106. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-06-22 10:51:39 UTC

* SECURITY UPDATE: denial of service in multiple servers
  - debian/patches/CVE-2013-1752-httplib-2.patch: limit amount of headers
    in Lib/httplib.py, added test to Lib/test/test_httplib.py.
  - debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length
    in Lib/poplib.py, added test to Lib/test/test_poplib.py.
  - debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from
    the network in Lib/smtplib.py, added test to
    Lib/test/test_smtplib.py.
  - CVE-2013-1752
* SECURITY UPDATE: denial of service via xmlrpc gzip-compressed
  HTTP bodies
  - debian/patches/CVE-2013-1753.patch: add default limit in
    Lib/xmlrpclib.py, added test to Lib/test/test_xmlrpc.py.
  - CVE-2013-1753
* SECURITY UPDATE: arbitrary memory read via idx argument
  - debian/patches/CVE-2014-4616.patch: reject negative idx values in
    Modules/_json.c, added test to Lib/json/tests/test_decode.py.
  - CVE-2014-4616
* SECURITY UPDATE: code execution or file disclosure via CGIHTTPServer
  - debian/patches/CVE-2014-4650.patch: url unquote path in
    Lib/CGIHTTPServer.py, added test to Lib/test/test_httpservers.py.
  - CVE-2014-4650
* SECURITY UPDATE: information disclosure via buffer function
  - debian/patches/CVE-2014-7185.patch: avoid overflow in
    Objects/bufferobject.c, added test to Lib/test/test_buffer.py.
  - CVE-2014-7185

lp:ubuntu/trusty-updates/python2.7 2 Mature 2015-06-25 13:23:43 UTC 2015-06-25
106. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-06-22 10:51:39 UTC

* SECURITY UPDATE: denial of service in multiple servers
  - debian/patches/CVE-2013-1752-httplib-2.patch: limit amount of headers
    in Lib/httplib.py, added test to Lib/test/test_httplib.py.
  - debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length
    in Lib/poplib.py, added test to Lib/test/test_poplib.py.
  - debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from
    the network in Lib/smtplib.py, added test to
    Lib/test/test_smtplib.py.
  - CVE-2013-1752
* SECURITY UPDATE: denial of service via xmlrpc gzip-compressed
  HTTP bodies
  - debian/patches/CVE-2013-1753.patch: add default limit in
    Lib/xmlrpclib.py, added test to Lib/test/test_xmlrpc.py.
  - CVE-2013-1753
* SECURITY UPDATE: arbitrary memory read via idx argument
  - debian/patches/CVE-2014-4616.patch: reject negative idx values in
    Modules/_json.c, added test to Lib/json/tests/test_decode.py.
  - CVE-2014-4616
* SECURITY UPDATE: code execution or file disclosure via CGIHTTPServer
  - debian/patches/CVE-2014-4650.patch: url unquote path in
    Lib/CGIHTTPServer.py, added test to Lib/test/test_httpservers.py.
  - CVE-2014-4650
* SECURITY UPDATE: information disclosure via buffer function
  - debian/patches/CVE-2014-7185.patch: avoid overflow in
    Objects/bufferobject.c, added test to Lib/test/test_buffer.py.
  - CVE-2014-7185

lp:ubuntu/trusty-proposed/python2.7 bug 1 Development 2014-03-22 22:55:53 UTC 2014-03-22
105. * Update to 20140322, taken from the ...

Author: Matthias Klose
Revision Date: 2014-03-22 14:31:54 UTC

* Update to 20140322, taken from the 2.7 branch.
* Install updated idle icons. LP: #1295969.
* Update the ssl.match_hostname backport: Change behavior of
  ``ssl.match_hostname()`` to follow RFC 6125, for security reasons.
  It now doesn't match multiple wildcards nor wildcards inside IDN fragments.
  Closes: #740255.

14 of 4 results