Created by Ubuntu Package Importer on 2012-08-08 and last modified on 2015-06-22
Get this branch:
bzr branch lp:ubuntu/precise-updates/python2.7
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

60. By Marc Deslauriers on 2015-06-22

* SECURITY UPDATE: denial of service in multiple servers
  - debian/patches/CVE-2013-1752-ftplib.patch: limit amount of data read
    in Lib/ftplib.py, added test to Lib/test/test_ftplib.py.
  - debian/patches/CVE-2013-1752-httplib-1.patch: limit long lines in
  - debian/patches/CVE-2013-1752-httplib-2.patch: limit amount of headers
    in Lib/httplib.py, added test to Lib/test/test_httplib.py.
  - debian/patches/CVE-2013-1752-imaplib-1.patch: limit line length in
    Lib/imaplib.py, added test to Lib/test/test_imaplib.py.
  - debian/patches/CVE-2013-1752-imaplib-2.patch: disable broken test in
  - debian/patches/CVE-2013-1752-nntplib.patch: limit line length in
    Lib/nntplib.py, added test to Lib/test/test_nntplib.py.
  - debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length
    in Lib/poplib.py, added test to Lib/test/test_poplib.py.
  - debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from
    the network in Lib/smtplib.py, added test to
  - CVE-2013-1752
* SECURITY UPDATE: denial of service via xmlrpc gzip-compressed
  HTTP bodies
  - debian/patches/CVE-2013-1753.patch: add default limit in
    Lib/xmlrpclib.py, added test to Lib/test/test_xmlrpc.py.
  - CVE-2013-1753
* SECURITY UPDATE: arbitrary memory read via idx argument
  - debian/patches/CVE-2014-4616.patch: reject negative idx values in
    Modules/_json.c, added test to Lib/json/tests/test_decode.py.
  - CVE-2014-4616
* SECURITY UPDATE: code execution or file disclosure via CGIHTTPServer
  - debian/patches/CVE-2014-4650.patch: url unquote path in
    Lib/CGIHTTPServer.py, added test to Lib/test/test_httpservers.py.
  - CVE-2014-4650
* SECURITY UPDATE: information disclosure via buffer function
  - debian/patches/CVE-2014-7185.patch: avoid overflow in
    Objects/bufferobject.c, added test to Lib/test/test_buffer.py.
  - CVE-2014-7185

59. By Marc Deslauriers on 2014-02-27

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

58. By Marc Deslauriers on 2013-09-26

* SECURITY UPDATE: incorrect ssl hostname verification
  - debian/patches/CVE-2013-4238.diff: correctly handle NULL bytes in
    the subjectAltName in Modules/_ssl.c, add test to
    Lib/test/test_ssl.py, Lib/test/nullbytecert.pem.
  - CVE-2013-4238
* debian/patches/disable-ssl-cert-tests.diff: disable patch to re-enable
  ssl cert tests.
* debian/patches/fix_expired_certs.diff: update expired ssl certs to fix
  ssl tests.
* debian/patches/disable_ssl_test_algorithms.diff: disable a test that
  requires SNI support.
* This package does _not_ contain the changes from 2.7.3-0ubuntu3.3 in

57. By Steve Langasek on 2012-04-20

* python2.7-minimal needs a versioned depends on python-minimal, not a
  Conflicts. Conflicts with essential packages, versioned or otherwise,
  are a serious problem for upgrades, as the previous upload demonstrated.
  Instead, we allow a circular dependency between python2.7-minimal and
  python-minimal, and rely on the fact that the package manager ensures
  new versions of both packages will be unpacked before running the
  maintainer script from python2.7-minimal. LP: #986374.
* Our versioned dependency on python-minimal is 2.6.6-3+squeeze1, which is
  the first version shipping a pycompile that supports passing a -V option
  referring to a version python-minimal doesn't already know about.

56. By Matthias Klose on 2012-04-19

python2.7-minimal: Conflict with python-minimal (<< 2.7.3). LP: #983981.

55. By Matthias Klose on 2012-04-10

Python 2.7.3 release.

54. By Matthias Klose on 2012-04-06

Merge with Debian; remaining changes:

53. By Matthias Klose on 2012-03-21

* Loosen build dependency on expat (the version in precise has the
  security fixes applied).
* Add safety check to ensure that the _bsddb extension is built.

52. By Steve Langasek on 2012-03-09

Re-enable the db5.1 patch again. LP: #440889.

51. By Matthias Klose on 2012-03-09

* Merge with Debian; remaining changes:
  - Build-depend on libdb5.1-dev.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.