lp:ubuntu/lucid-security/python3.1

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

15. By Jamie Strandboge on 2012-10-23

* SECURITY UPDATE: optionally disallow setting sys.path when setting
  sys.argv
  - debian/patches/CVE-2008-5983.dpatch: add new C API function,
    PySys_SetArgvEx
  - CVE-2008-5983
* SECURITY UPDATE: fix integer overflows in audioop module
  - debian/patches/CVE-2010-1634.dpatch: Fix incorrect and UB-inducing
    overflow checks
  - CVE-2010-1634
* SECURITY UPDATE: fix DoS in audioop module
  - debian/patches/CVE-2010-2089.dpatch: ensure that the input string length
    is a multiple of the frame size
  - CVE-2010-2089
* SECURE UPDATE: http://bugs.python.org/issue13512
  - debian/patches/CVE-2011-4944.dpatch: create ~/.pypirc securely
  - CVE-2011-4944
* SECURITY UPDATE: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon
  malformed POST request
  - debian/patches/CVE-2012-0845.dpatch: break if don't receive EOF in
    Lib/SimpleXMLRPCServer.py
  - CVE-2012-0845
* SECURITY UPDATE: fix hash randomization DoS
  - debian/patches/CVE-2012-1150.dpatch: add -R command-line option and
    PYTHONHASHSEED environment variable, to provide an opt-in way to protect
    against denial of service attacks due to hash collisions within the dict
    and set types.
  - CVE-2012-1150
* SECURITY UPDATE: http://bugs.python.org/issue14579
  - debian/patches/CVE-2012-2135.dpatch: fix vulnerability in the utf-16
    decoder after error handling
  - CVE-2012-2135

14. By Jamie Strandboge on 2011-12-09

* SECURITY UPDATE: only process Location headers for http, https, and ftp
  - http://bugs.python.org/issue11662
  - CVE-2011-1521
* SECURITY UPDATE: adds proper error handling on accept() when smtpd accepts
  new incoming connections
  - http://bugs.python.org/issue9129
  - CVE-2010-3493

13. By Matthias Klose on 2010-04-14

* Overwrite the sem_open autoconf check, depending on a newer
  kernel version not available on the buildd. LP: #556477.
* debian/patches/issue8032.dpatch: Update to version from the
  trunk. Upload for beta2 to avoid apport errors.
  - Handle PyFrameObject's: LP: #543624, #548723.
  - Detect cycles in object reference graph and add extra
    protection: LP: #544823, LP: #552356.

12. By Matthias Klose on 2010-03-21

* Python 3.1.2 release.
* Fix issue #4961: Inconsistent/wrong result of askyesno function in
  tkMessageBox with Tcl8.5. LP: #462950.
* Don't complain when /usr/local is not writable on installation.
* Apply proposed patch for issue #8032, gdb7 hooks for debugging.
* Backport issue #8140: Extend compileall to compile single files.
  Add -i option.

11. By Matthias Klose on 2010-03-11

Python 3.1.2 release candidate 1.

10. By Matthias Klose on 2009-11-02

* Update to the 3.1 release branch, 20091102.
* distutils install: Don't install into /usr/local/local, if option
  --prefix=/usr/local is present. LP: #456917.
* python3.1-doc: Fix searching in local documentation. LP: #456025.

9. By Matthias Klose on 2009-10-11

* Update to the 3.1 release branch, 20091011.
* Remove /usr/local/lib/python3.1 on package removal, if empty.
* Build _hashlib as a builtin. LP: #445530.
* python3.1-doc: Don't compress the sphinx inventory.
* python3.1-doc: Fix jquery.js symlink. LP: #447370.
* Run the benchmark with -C 2 -n 5 -w 4 on all architectures.
* python3.1-dbg: Don't create debug subdirectory in /usr/local. No
  separate debug directory needed anymore.

8. By Matthias Klose on 2009-09-13

* Update to the 3.1 release branch, 20090913.
* Fix title of devhelp document. LP: #423551.

7. By Matthias Klose on 2009-08-19

Fix regeneration of configure script.

6. By Matthias Klose on 2009-08-18

Python 3.1.1 final release.