lp:ubuntu/lucid-security/python2.6
- Get this branch:
- bzr branch lp:ubuntu/lucid-security/python2.6
Branch merges
Related source package recipes
Branch information
Recent revisions
- 53. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in socket.recvfrom_ into
- debian/patches/ CVE-2014- 1912.dpatch: check buffer length in
Modules/socketmodule. c.
- CVE-2014-1912 - 52. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect ssl hostname verification
- debian/patches/ CVE-2013- 4238.dpatch: correctly handle NULL bytes in
the subjectAltName in Modules/_ssl.c, add test to
Lib/test/test_ ssl.py, Lib/test/ nullbytecert. pem.
- CVE-2013-4238
* debian/patches/ fix_expired_ certs.dpatch: update expired ssl certs to
fix ssl tests. - 51. By Jamie Strandboge
-
* SECURITY UPDATE: fix hash randomization DoS
- debian/patches/ CVE-2012- 1150.dpatch: add -R command-line option and
PYTHONHASHSEED environment variable, to provide an opt-in way to protect
against denial of service attacks due to hash collisions within the dict
and set types.
- CVE-2012-1150
* SECURITY UPDATE: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon
malformed POST request
- debian/patches/ CVE-2012- 0845.dpatch: break if don't receive EOF in
Lib/SimpleXMLRPCSer ver.py
- CVE-2012-0845
* SECURE UPDATE: http://bugs.python. org/issue13512
- debian/patches/ CVE-2011- 4944.dpatch: create ~/.pypirc securely
- CVE-2011-4944
* SECURITY UPDATE: Fix CGIHTTPServer information disclosure.
- debian/patches/ CVE-2011- 1015.dpatch: Relative paths are now collapsed
within the url properly before looking in cgi_directories.
- CVE-2011-1015
* SECURITY UPDATE: fix XSS in SimpleHTTPServer
- debian/patches/ CVE-2011- 4940.dpatch: add a charset parameter to the
Content-type
- CVE-2011-4940
* SECURITY UPDATE: update urllib and urllib2 for invalid redirections
- debian/patches/ CVE-2011- 1521.dpatch: only process Location headers for
http, https, and ftp
- http://bugs.python. org/issue11662
- CVE-2011-1521
* SECURITY UPDATE: fix DoS in smtpd.py
- debian/patches/ CVE-2010- 3493.dpatch: adds proper error handling on
accept() when smtpd accepts new incoming connections
- http://bugs.python. org/issue9129
- CVE-2010-3493
* SECURITY UPDATE: fix DoS in audioop module
- debian/patches/ CVE-2010- 2089.dpatch: ensure that the input string length
is a multiple of the frame size
- CVE-2010-2089
* SECURITY UPDATE: fix integer overflows in audioop module
- debian/patches/ CVE-2010- 1634.dpatch: Fix incorrect and UB-inducing
overflow checks
- CVE-2010-1634
* SECURITY UPDATE: optionally disallow setting sys.path when setting
sys.argv
- debian/patches/ CVE-2008- 5983.dpatch: add new C API function,
PySys_SetArgvEx
- CVE-2008-5983 - 49. By Matthias Klose
-
* Fix issue #8329: Don't return the same lists from select.select
when no fds are changed.
* Fix issue #8310: Allow dis to examine new style classes. - 48. By Matthias Klose
-
* debian/
patches/ issue8032. dpatch: Update to version from the
trunk. Upload for beta2 to avoid apport errors.
- Handle PyFrameObject's: LP: #543624, #548723.
- Detect cycles in object reference graph and add extra
protection: LP: #544823, LP: #552356. - 47. By Matthias Klose
-
* debian/
patches/ issue8140. dpatch: Incomplete patch; regenerate.
* debian/patches/ issue8032. dpatch: Update to v4:
- Add support for PySetObject (set/frozenset).
- Add support for PyBaseExceptionObject (BaseException).
- Fix a signed vs unsigned char issue that led to exceptions
in gdb for PyStringObject instances.
- Handle the case of loops in the object reference graph.
- Unit tests for all of the above.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/quantal/python2.6
