[Git][security-tracker-team/security-tracker][master] py27 updates

Moritz Muehlenhoff jmm at debian.org
Fri Oct 11 14:56:05 BST 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9dc95ec by Moritz Muehlenhoff at 2019-10-11T13:55:48Z
py27 updates

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1252,6 +1252,7 @@ CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x t
 	- python3.4 <removed>
 	[jessie] - python3.4 <ignored> (Minor Issue, XSS in an unlikely use-case)
 	- python2.7 <unfixed>
+	[buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
 	[jessie] - python2.7 <ignored> (Minor Issue, XSS in an unlikely use-case)
 	- jython <unfixed>
 	[jessie] - jython <ignored> (Minor Issue, XSS in an unlikely use-case)
@@ -1263,6 +1264,7 @@ CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x t
 	NOTE: https://github.com/python/cpython/commit/6447b9f9bd27e1f6b04cef674dd3a7ab27bf4f28 (3.8 branch)
 	NOTE: https://github.com/python/cpython/commit/39a0c7555530e31c6941a78da19b6a5b61170687 (3.7 branch)
 	NOTE: https://github.com/python/cpython/commit/1698cacfb924d1df452e78d11a4bf81ae7777389 (3.6 branch)
+	NOTE: https://github.com/python/cpython/commit/8eb64155ff26823542ccf0225b3d57b6ae36ea89 (2.7 branch)
 CVE-2019-16934
 	RESERVED
 CVE-2019-16933
@@ -3688,6 +3690,7 @@ CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.
 	- python3.5 <removed>
 	- python3.4 <removed>
 	- python2.7 2.7.17~rc1-1 (bug #940901)
+	[buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://bugs.python.org/issue34155
 	NOTE: https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 (master)
 	NOTE: https://github.com/python/cpython/commit/217077440a6938a0b428f67cfef6e053c4f8673c (v3.8.0b4)
@@ -12175,6 +12178,7 @@ CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookie
 	- python3.5 <removed>
 	- python3.4 <removed>
 	- python2.7 2.7.16-3
+	[buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://bugs.python.org/issue35121
 	NOTE: https://python-security.readthedocs.io/vuln/cookie-domain-check.html
 	NOTE: https://github.com/python/cpython/commit/979daae300916adb399ab5b51410b6ebd0888f13 (2.7.x branch)
@@ -21371,7 +21375,7 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python
 	- python3.5 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
 	- python3.4 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
 	- python2.7 2.7.16-3
-	[buster] - python2.7 <no-dsa> (Minor issue)
+	[buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
 	[stretch] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
 	[jessie] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
 	NOTE: Introduced by: https://github.com/python/cpython/commit/d537ab0ff9767ef024f26246899728f0116b1ec3 (v3.8.0a4)
@@ -22023,7 +22027,7 @@ CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a
 	- python3.5 <removed>
 	- python3.4 <removed>
 	- python2.7 2.7.16-3
-	[buster] - python2.7 <no-dsa> (Minor issue)
+	[buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
 	[stretch] - python2.7 <no-dsa> (Minor issue)
 	NOTE: https://bugs.python.org/issue35906
 	NOTE: Introduced by: https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2262
@@ -23559,7 +23563,7 @@ CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a
 	- python3.5 <removed>
 	- python3.4 <removed>
 	- python2.7 2.7.16-3
-	[buster] - python2.7 <no-dsa> (Minor issue)
+	[buster] - python2.7 <no-dsa> (Minor issue, will be fixed via point release)
 	[stretch] - python2.7 <no-dsa> (Minor issue)
 	NOTE: https://bugs.python.org/issue36276
 	NOTE: https://bugs.python.org/issue30458


=====================================
data/dsa-needed.txt
=====================================
@@ -53,8 +53,6 @@ pam-python
 --
 poppler (jmm)
 --
-python2.7 (jmm)
---
 python3.5 (jmm)
 --
 simplesamlphp/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9dc95eccb64645002f22b153115d95d526d0b82

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b9dc95eccb64645002f22b153115d95d526d0b82
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191011/00726d9a/attachment.html>

More information about the debian-security-tracker-commits mailing list