-
Committer:
Matthias Klose
-
Date:
2014-12-10 10:22:44 UTC
-
Revision ID:
doko@debian.org-20141210102244-oe7fa504xhsqa09n
python2.7 (2.7.9~rc1-2) unstable; urgency=medium
* Update to 20141209, taken from the 2.7 release repository.
- Issue #22959: Remove the *check_hostname* parameter of
httplib.HTTPSConnection. The *context* parameter should be used instead.
- Issue #16043: Add a default limit for the amount of data
xmlrpclib.gzip_decode will return. This resolves CVE-2013-1753.
Closes: #742929.
- Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
limiting the call to readline(). Closes: #742929.
- Issue #16041: In poplib, limit maximum line length read from the server
to prevent CVE-2013-1752. Closes: #742929.
- Issue #22960: Add a context argument to xmlrpclib.ServerProxy.
- Issue #22935: Allow the ssl module to be compiled if openssl
doesn't support SSL 3.
* Add locales to autopkg test dependencies as in 3.4.
* Remove Demo/scripts/newslist.* from the examples package, not
distributable, will get removed in 2.7.9~rc2 sources. See issue #12987.
* Let ensurepip always use a temporary directory for installations.
-- Matthias Klose <doko@debian.org> Tue, 09 Dec 2014 15:47:40 +0100