Package "python2.7"
Name: |
python2.7
|
Description: |
Interactive high-level object-oriented language (version 2.7)
|
Latest version: |
2.7.6-8ubuntu0.5 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Links
Download "python2.7"
Other versions of "python2.7" in Trusty
Packages in group
Deleted packages are displayed in grey.
Changelog
python2.7 (2.7.6-8ubuntu0.5) trusty-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow via race condition
- debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating
over a file on multiple threads in Lib/test/test_file2k.py,
Objects/fileobject.c.
- debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple
threads iterate over a file in Lib/test/test_file2k.py,
Objects/fileobject.c.
- CVE-2018-1000030
* SECURITY UPDATE: command injection in shutil module
- debian/patches/CVE-2018-1000802.patch: use subprocess rather than
distutils.spawn in Lib/shutil.py.
- CVE-2018-1000802
* SECURITY UPDATE: DoS via catastrophic backtracking
- debian/patches/CVE-2018-106x.patch: fix expressions in
Lib/difflib.py, Lib/poplib.py. Added tests to
Lib/test/test_difflib.py, Lib/test/test_poplib.py.
- CVE-2018-1060
- CVE-2018-1061
* SECURITY UPDATE: incorrect Expat hash salt initialization
- debian/patches/CVE-2018-14647.patch: call SetHashSalt in
Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
- CVE-2018-14647
-- Marc Deslauriers <email address hidden> Mon, 12 Nov 2018 11:49:11 -0500
|
Source diff to previous version |
CVE-2018-1000030 |
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it |
CVE-2018-1000802 |
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command In |
CVE-2018-1060 |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacke |
CVE-2018-1061 |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An |
CVE-2018-14647 |
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service |
|
python2.7 (2.7.6-8ubuntu0.4) trusty-security; urgency=medium
* SECURITY UPDATE: integer overflow in the PyString_DecodeEscape
function
- debian/patches/CVE-2017-1000158.patch: fix this integer overflow
in Objects/stringobject.c.
- CVE-2017-1000158
-- <email address hidden> (Leonidas S. Barbosa) Mon, 20 Nov 2017 12:39:42 -0300
|
Source diff to previous version |
python2.7 (2.7.6-8ubuntu0.3) trusty-security; urgency=medium
* SECURITY UPDATE: StartTLS stripping attack
- debian/patches/CVE-2016-0772.patch: raise an error when
STARTTLS fails in Lib/smtplib.py.
- CVE-2016-0772
* SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
scripts (aka HTTPOXY attack)
- debian/patches/CVE-2016-1000110-pre.patch: prefer lower_case
proxy environment variables over UPPER_CASE or Mixed_Case ones.
- debian/patches/CVE-2016-1000110.patch: if running as CGI
script, forget HTTP_PROXY in Lib/urllib.py, add test to
Lib/test/test_urllib.py, add documentation.
- CVE-2016-1000110
* SECURITY UPDATE: Integer overflow when handling zipfiles
- debian/patches/CVE-2016-5636-pre.patch: check for negative size
in Modules/zipimport.c
- debian/patches/CVE-2016-5636.patch: check for too large value in
Modules/zipimport.c
- CVE-2016-5636
* SECURITY UPDATE: CRLF injection vulnerability in the
HTTPConnection.putheader
- debian/patches/CVE-2016-5699.patch: disallow newlines in
putheader() arguments when not followed by spaces or tabs in
Lib/httplib.py, add tests in Lib/test/test_httplib.py
- CVE-2016-5699
-- Steve Beattie <email address hidden> Tue, 25 Oct 2016 15:38:32 -0700
|
Source diff to previous version |
CVE-2016-0772 |
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, whi |
CVE-2016-1000 |
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202. |
CVE-2016-5636 |
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remot |
CVE-2016-5699 |
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4. |
|
python2.7 (2.7.6-8ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service in multiple servers
- debian/patches/CVE-2013-1752-httplib-2.patch: limit amount of headers
in Lib/httplib.py, added test to Lib/test/test_httplib.py.
- debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length
in Lib/poplib.py, added test to Lib/test/test_poplib.py.
- debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from
the network in Lib/smtplib.py, added test to
Lib/test/test_smtplib.py.
- CVE-2013-1752
* SECURITY UPDATE: denial of service via xmlrpc gzip-compressed
HTTP bodies
- debian/patches/CVE-2013-1753.patch: add default limit in
Lib/xmlrpclib.py, added test to Lib/test/test_xmlrpc.py.
- CVE-2013-1753
* SECURITY UPDATE: arbitrary memory read via idx argument
- debian/patches/CVE-2014-4616.patch: reject negative idx values in
Modules/_json.c, added test to Lib/json/tests/test_decode.py.
- CVE-2014-4616
* SECURITY UPDATE: code execution or file disclosure via CGIHTTPServer
- debian/patches/CVE-2014-4650.patch: url unquote path in
Lib/CGIHTTPServer.py, added test to Lib/test/test_httpservers.py.
- CVE-2014-4650
* SECURITY UPDATE: information disclosure via buffer function
- debian/patches/CVE-2014-7185.patch: avoid overflow in
Objects/bufferobject.c, added test to Lib/test/test_buffer.py.
- CVE-2014-7185
-- Marc Deslauriers <email address hidden> Mon, 22 Jun 2015 10:51:39 -0400
|
CVE-2014-4616 |
arbitrary process memory read |
CVE-2014-7185 |
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via |
|
About
-
Send Feedback to @ubuntu_updates