[Git][security-tracker-team/security-tracker][master] py27 updates
Moritz Muehlenhoff
jmm at debian.org
Fri Oct 11 14:56:05 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b9dc95ec by Moritz Muehlenhoff at 2019-10-11T13:55:48Z
py27 updates
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1252,6 +1252,7 @@ CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x t
- python3.4 <removed>
[jessie] - python3.4 <ignored> (Minor Issue, XSS in an unlikely use-case)
- python2.7 <unfixed>
+ [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
[jessie] - python2.7 <ignored> (Minor Issue, XSS in an unlikely use-case)
- jython <unfixed>
[jessie] - jython <ignored> (Minor Issue, XSS in an unlikely use-case)
@@ -1263,6 +1264,7 @@ CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x t
NOTE: https://github.com/python/cpython/commit/6447b9f9bd27e1f6b04cef674dd3a7ab27bf4f28 (3.8 branch)
NOTE: https://github.com/python/cpython/commit/39a0c7555530e31c6941a78da19b6a5b61170687 (3.7 branch)
NOTE: https://github.com/python/cpython/commit/1698cacfb924d1df452e78d11a4bf81ae7777389 (3.6 branch)
+ NOTE: https://github.com/python/cpython/commit/8eb64155ff26823542ccf0225b3d57b6ae36ea89 (2.7 branch)
CVE-2019-16934
RESERVED
CVE-2019-16933
@@ -3688,6 +3690,7 @@ CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.
- python3.5 <removed>
- python3.4 <removed>
- python2.7 2.7.17~rc1-1 (bug #940901)
+ [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://bugs.python.org/issue34155
NOTE: https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 (master)
NOTE: https://github.com/python/cpython/commit/217077440a6938a0b428f67cfef6e053c4f8673c (v3.8.0b4)
@@ -12175,6 +12178,7 @@ CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookie
- python3.5 <removed>
- python3.4 <removed>
- python2.7 2.7.16-3
+ [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://bugs.python.org/issue35121
NOTE: https://python-security.readthedocs.io/vuln/cookie-domain-check.html
NOTE: https://github.com/python/cpython/commit/979daae300916adb399ab5b51410b6ebd0888f13 (2.7.x branch)
@@ -21371,7 +21375,7 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python
- python3.5 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
- python3.4 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
- python2.7 2.7.16-3
- [buster] - python2.7 <no-dsa> (Minor issue)
+ [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
[stretch] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
[jessie] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
NOTE: Introduced by: https://github.com/python/cpython/commit/d537ab0ff9767ef024f26246899728f0116b1ec3 (v3.8.0a4)
@@ -22023,7 +22027,7 @@ CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a
- python3.5 <removed>
- python3.4 <removed>
- python2.7 2.7.16-3
- [buster] - python2.7 <no-dsa> (Minor issue)
+ [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
[stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue35906
NOTE: Introduced by: https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2262
@@ -23559,7 +23563,7 @@ CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a
- python3.5 <removed>
- python3.4 <removed>
- python2.7 2.7.16-3
- [buster] - python2.7 <no-dsa> (Minor issue)
+ [buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
[stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue36276
NOTE: https://bugs.python.org/issue30458
=====================================
data/dsa-needed.txt
=====================================
@@ -53,8 +53,6 @@ pam-python
--
poppler (jmm)
--
-python2.7 (jmm)
---
python3.5 (jmm)
--
simplesamlphp/oldstable
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9dc95eccb64645002f22b153115d95d526d0b82
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9dc95eccb64645002f22b153115d95d526d0b82
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191011/00726d9a/attachment.html>
More information about the debian-security-tracker-commits
mailing list