UbuntuUpdates.org

Package "python-pip"

Name: python-pip

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Python package installer
  • Python package installer (pip wheel)
Latest version: 22.0.2+dfsg-1ubuntu0.4
Release: jammy (22.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "python-pip" in Jammy

Repository Area Version
base universe 20.3.4+dfsg-4
updates universe 22.0.2+dfsg-1ubuntu0.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 22.0.2+dfsg-1ubuntu0.4 2023-11-15 16:10:11 UTC

  python-pip (22.0.2+dfsg-1ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: http cookie leakage via http redirect
    - debian/patches/CVE-2023-43804.patch: removes the cookie from the
      http request when it is redirected to a different origin.
    - CVE-2023-43804
  * SECURITY UPDATE: http body leakage via http redirect
    - debian/patches/CVE-2023-45803.patch: removes the body from the
      http request when it is redirected to a different origin and the
      http verb is changed to GET.
    - CVE-2023-45803

 -- Jorge Sancho Larraz <email address hidden> Fri, 10 Nov 2023 13:42:40 +0100
Source diff to previous version
CVE-2023-43804 urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing

Version: 22.0.2+dfsg-1ubuntu0.3 2023-06-12 13:07:11 UTC

  python-pip (22.0.2+dfsg-1ubuntu0.3) jammy-security; urgency=medium

  * No-change rebuild for requests update.

 -- Marc Deslauriers <email address hidden> Mon, 05 Jun 2023 14:20:05 -0400
Source diff to previous version

Version: 22.0.2+dfsg-1ubuntu0.2 2023-02-28 16:09:50 UTC

  python-pip (22.0.2+dfsg-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: ReDOS in wheel.py
    - debian/patches/CVE-2022-40898.patch: Fix potential DoS attack
      via wheel_file_re by restricting matching dash and dot characters
      in src/pip/_internal/models/wheel.py.
    - CVE-2022-40898

 -- David Fernandez Gonzalez <email address hidden> Tue, 28 Feb 2023 10:39:46 +0100
Source diff to previous version
CVE-2022-40898 An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker c

Version: 22.0.2+dfsg-1ubuntu0.1 2023-01-24 15:07:43 UTC

  python-pip (22.0.2+dfsg-1ubuntu0.1) jammy-security; urgency=medium

  * No-change rebuild due to wheel and setuptools update.

 -- David Fernandez Gonzalez <email address hidden> Tue, 24 Jan 2023 10:23:13 +0100


About   -   Send Feedback to @ubuntu_updates