UbuntuUpdates.org

Package "python2.7"

Name: python2.7

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • IDE for Python (v2.7) using Tkinter
  • Testsuite for the Python standard library (v2.7)

Latest version: 2.7.15-4ubuntu4~18.04.2
Release: bionic (18.04)
Level: security
Repository: universe

Links

Save this URL for the latest version of "python2.7": https://www.ubuntuupdates.org/python2.7



Other versions of "python2.7" in Bionic

Repository Area Version
base main 2.7.15~rc1-1
base universe 2.7.15~rc1-1
security main 2.7.15-4ubuntu4~18.04.2
updates main 2.7.15-4ubuntu4~18.04.2
updates universe 2.7.15-4ubuntu4~18.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.7.15-4ubuntu4~18.04.2 2019-10-09 14:08:24 UTC

  python2.7 (2.7.15-4ubuntu4~18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: incorrect email address parsing
    - debian/patches/CVE-2019-16056.patch: don't parse domains containing @
      in Lib/email/_parseaddr.py, Lib/test/test_email/test_email.py.
    - CVE-2019-16056
  * SECURITY UPDATE: XSS in documentation XML-RPC server
    - debian/patches/CVE-2019-16935.patch: escape the server_title in
      Lib/DocXMLRPCServer.py, Lib/test/test_docxmlrpc.py.
    - CVE-2019-16935

 -- Marc Deslauriers <email address hidden> Mon, 07 Oct 2019 13:39:04 -0400

Source diff to previous version
CVE-2019-16056 An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses em
CVE-2019-16935 The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs

Version: 2.7.15-4ubuntu4~18.04.1 2019-09-09 19:07:03 UTC
No changelog available yet.
Source diff to previous version

Version: 2.7.15-4ubuntu4~18.04 2019-08-20 13:07:11 UTC

  python2.7 (2.7.15-4ubuntu4~18.04) bionic; urgency=medium

  * Rebuild against OpenSSL 1.1.1. LP: #1797386
  * Update to 2.7.15 final.

 -- Dimitri John Ledkov <email address hidden> Tue, 27 Nov 2018 23:36:35 +0000

Source diff to previous version

Version: 2.7.15~rc1-1ubuntu0.1 2018-11-13 17:07:34 UTC

  python2.7 (2.7.15~rc1-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: command injection in shutil module
    - debian/patches/CVE-2018-1000802.patch: use subprocess rather than
      distutils.spawn in Lib/shutil.py.
    - CVE-2018-1000802
  * SECURITY UPDATE: incorrect Expat hash salt initialization
    - debian/patches/CVE-2018-14647.patch: call SetHashSalt in
      Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
    - CVE-2018-14647

 -- Marc Deslauriers <email address hidden> Mon, 12 Nov 2018 09:31:15 -0500

CVE-2018-1000802 Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command In
CVE-2018-14647 Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service



About   -   Send Feedback to @ubuntu_updates