[Git][security-tracker-team/security-tracker][master] Reserve DLA-2919-1 for python2.7

Anton Gladky (@gladk) gladk at debian.org
Sat Feb 12 12:26:25 GMT 2022



Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3972c4a8 by Anton Gladky at 2022-02-12T13:26:02+01:00
Reserve DLA-2919-1 for python2.7

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9402,7 +9402,6 @@ CVE-2021-4189 [ftplib should not use the host from the PASV response]
 	- python2.7 <unfixed>
 	[bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
 	[buster] - python2.7 <no-dsa> (Minor issue)
-	[stretch] - python2.7 <no-dsa> (Minor issue)
 	NOTE: https://bugs.python.org/issue43285
 	NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
 	NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
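Review bot: removing the [stretch] <no-dsa> line for CVE-2021-4189 leaves [buster] at <no-dsa> and unstable at <unfixed>, so once DLA-2919-1 marks stretch as fixed, a stretch-to-buster upgrade moves python2.7 from a fixed version to an unfixed one for this issue. Consider flagging buster for a point-release fix, or adding a NOTE explaining why the older suite is fixed first.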
@@ -66169,7 +66168,6 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in
 	- python3.5 <removed>
 	- python2.7 2.7.18-2
 	[buster] - python2.7 <no-dsa> (Minor issue)
-	[stretch] - python2.7 <no-dsa> (Minor issue)
 	NOTE: https://bugs.python.org/issue42938
 	NOTE: https://github.com/python/cpython/pull/24239
 	NOTE: https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
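Review bot: the removed [stretch] line was the only stretch record in the CVE-2021-3177 entry, and the remaining NOTE lines point at the upstream issue and pull request while the description speaks of Python 3.x. A NOTE naming the change that was backported for the stretch python2.7 upload would let later readers verify the fix from the tracker entry alone.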


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Feb 2022] DLA-2919-1 python2.7 - security update
+	{CVE-2021-3177 CVE-2021-4189}
+	[stretch] - python2.7 2.7.13-2+deb9u6
 [12 Feb 2022] DLA-2918-1 debian-edu-config - security update
 	{CVE-2021-20001}
 	[stretch] - debian-edu-config 1.929+deb9u5
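Review bot: the new DLA-2919-1 entry already carries a fixed version, 2.7.13-2+deb9u6, although the commit subject says "Reserve". Because the same commit removes the stretch <no-dsa> lines in data/CVE/list, stretch will be reported as fixed at that version as soon as this lands; confirm the upload uses exactly this version string, or correct the entry if it changes.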


=====================================
data/dla-needed.txt
=====================================
@@ -64,10 +64,6 @@ pgbouncer (Emilio)
 pjproject (Abhijith PA)
   NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu)
 --
-python2.7 (Anton)
-  NOTE: 20220112: 3 postponed CVEs (Beuc)
-  NOTE: 20220206: WIP https://salsa.debian.org/lts-team/packages/python2.7/ (Anton)
---
 samba
   NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
   NOTE: 20211212: Fix is too large, coordination with ELTS-upload (anton)
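Review bot: the removed python2.7 entry noted "3 postponed CVEs", but DLA-2919-1 lists two (CVE-2021-3177 and CVE-2021-4189). With the dla-needed.txt entry gone, nothing visible in this commit tracks the third; confirm it is still marked in data/CVE/list or keep a NOTE for it.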



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3972c4a864dbd9d6150654d226611bd8be13bfa2
