~ubuntu-branches/ubuntu/natty/python2.6/natty-security

Viewing all changes in revision 68.

  • Committer: Package Import Robot
  • Author(s): Jamie Strandboge
  • Date: 2012-09-28 07:07:08 UTC
  • Revision ID: package-import@ubuntu.com-20120928070708-gj82972y7y9xnd0w
Tags: 2.6.6-6ubuntu7.1
* SECURITY UPDATE: fix hash randomization DoS
  - debian/patches/CVE-2012-1150.diff: add -R command-line option and
    PYTHONHASHSEED environment variable, to provide an opt-in way to protect
    against denial of service attacks due to hash collisions within the dict
    and set types.
  - CVE-2012-1150
* SECURITY UPDATE: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon
  malformed POST request
  - debian/patches/CVE-2012-0845.diff: break if don't receive EOF in
    Lib/SimpleXMLRPCServer.py
  - CVE-2012-0845
* SECURE UPDATE: http://bugs.python.org/issue13512
  - debian/patches/CVE-2011-4944.diff: create ~/.pypirc securely
  - CVE-2011-4944
* SECURITY UPDATE: Fix CGIHTTPServer information disclosure.
  - debian/patches/CVE-2011-1015.diff: Relative paths are now collapsed
    within the url properly before looking in cgi_directories.
  - CVE-2011-1015
* SECURITY UPDATE: fix XSS in SimpleHTTPServer
  - debian/patches/CVE-2011-4940.diff: add a charset parameter to the
    Content-type
  - CVE-2011-4940
* SECURITY UPDATE: update urllib and urllib2 for invalid redirections
  - debian/patches/CVE-2011-1521.diff: only process Location headers for
    http, https, and ftp
  - http://bugs.python.org/issue11662
  - CVE-2011-1521

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: