~ubuntu-branches/ubuntu/precise/python2.7/precise-security : changes

~ubuntu-branches/ubuntu/precise/python2.7/precise-security » Changes from revision 60

From Revision 60 to 41

Rev	Summary	Authors	Tags	Date
60	* SECURITY UPDATE: denial of service in multiple servers * SECURITY UPDATE: denial of service in multiple servers - debian/patches/CVE-2013-1752-ftplib.patch: limit amount of data read in Lib/ftplib.py, added test to Lib/test/test_ftplib.py. - debian/patches/CVE-2013-1752-httplib-1.patch: limit long lines in Lib/httplib.py. - debian/patches/CVE-2013-1752-httplib-2.patch: limit amount of headers in Lib/httplib.py, added test to Lib/test/test_httplib.py. - debian/patches/CVE-2013-1752-imaplib-1.patch: limit line length in Lib/imaplib.py, added test to Lib/test/test_imaplib.py. - debian/patches/CVE-2013-1752-imaplib-2.patch: disable broken test in Lib/test/test_imaplib.py. - debian/patches/CVE-2013-1752-nntplib.patch: limit line length in Lib/nntplib.py, added test to Lib/test/test_nntplib.py. - debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length in Lib/poplib.py, added test to Lib/test/test_poplib.py. - debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from the network in Lib/smtplib.py, added test to Lib/test/test_smtplib.py. - CVE-2013-1752 * SECURITY UPDATE: denial of service via xmlrpc gzip-compressed HTTP bodies - debian/patches/CVE-2013-1753.patch: add default limit in Lib/xmlrpclib.py, added test to Lib/test/test_xmlrpc.py. - CVE-2013-1753 * SECURITY UPDATE: arbitrary memory read via idx argument - debian/patches/CVE-2014-4616.patch: reject negative idx values in Modules/_json.c, added test to Lib/json/tests/test_decode.py. - CVE-2014-4616 * SECURITY UPDATE: code execution or file disclosure via CGIHTTPServer - debian/patches/CVE-2014-4650.patch: url unquote path in Lib/CGIHTTPServer.py, added test to Lib/test/test_httpservers.py. - CVE-2014-4650 * SECURITY UPDATE: information disclosure via buffer function - debian/patches/CVE-2014-7185.patch: avoid overflow in Objects/bufferobject.c, added test to Lib/test/test_buffer.py. - CVE-2014-7185	Marc Deslauriers	2.7.3-0ubuntu3.8	8 years ago
59	* SECURITY UPDATE: denial of service and possible code execu... * SECURITY UPDATE: denial of service and possible code execution via buffer overflow in socket.recvfrom_into - debian/patches/CVE-2014-1912.diff: check buffer length in Modules/socketmodule.c, added tests to Lib/test/test_socket.py. - CVE-2014-1912	Marc Deslauriers	2.7.3-0ubuntu3.5	10 years ago
58	* SECURITY UPDATE: incorrect ssl hostname verification * SECURITY UPDATE: incorrect ssl hostname verification - debian/patches/CVE-2013-4238.diff: correctly handle NULL bytes in the subjectAltName in Modules/_ssl.c, add test to Lib/test/test_ssl.py, Lib/test/nullbytecert.pem. - CVE-2013-4238 * debian/patches/disable-ssl-cert-tests.diff: disable patch to re-enable ssl cert tests. * debian/patches/fix_expired_certs.diff: update expired ssl certs to fix ssl tests. * debian/patches/disable_ssl_test_algorithms.diff: disable a test that requires SNI support. * This package does _not_ contain the changes from 2.7.3-0ubuntu3.3 in precise-proposed.	Marc Deslauriers	2.7.3-0ubuntu3.4	10 years ago
57	* python2.7-minimal needs a versioned depends on python-mini... * python2.7-minimal needs a versioned depends on python-minimal, not a Conflicts. Conflicts with essential packages, versioned or otherwise, are a serious problem for upgrades, as the previous upload demonstrated. Instead, we allow a circular dependency between python2.7-minimal and python-minimal, and rely on the fact that the package manager ensures new versions of both packages will be unpacked before running the maintainer script from python2.7-minimal. LP: #986374. * Our versioned dependency on python-minimal is 2.6.6-3+squeeze1, which is the first version shipping a pycompile that supports passing a -V option referring to a version python-minimal doesn't already know about.	Steve Langasek	2.7.3-0ubuntu3	12 years ago
56	python2.7-minimal: Conflict with python-minimal (<< 2.7.3). ... python2.7-minimal: Conflict with python-minimal (<< 2.7.3). LP: #983981.	Matthias Klose	2.7.3-0ubuntu2	12 years ago
55	Python 2.7.3 release. Python 2.7.3 release.	Matthias Klose	2.7.3-0ubuntu1	12 years ago
54	Merge with Debian; remaining changes: Merge with Debian; remaining changes:	Matthias Klose	2.7.3~rc2-2ubuntu1	12 years ago
53	* Loosen build dependency on expat (the version in precise h... * Loosen build dependency on expat (the version in precise has the security fixes applied). * Add safety check to ensure that the _bsddb extension is built.	Matthias Klose	2.7.3~rc2-1ubuntu1	12 years ago
52	Re-enable the db5.1 patch again. LP: #440889. Re-enable the db5.1 patch again. LP: #440889.	Steve Langasek	2.7.3~rc1-1ubuntu2	12 years ago
51	* Merge with Debian; remaining changes: * Merge with Debian; remaining changes: - Build-depend on libdb5.1-dev.	Matthias Klose	2.7.3~rc1-1ubuntu1	12 years ago
50	* Update to 20120216, taken from the 2.7 branch. * Update to 20120216, taken from the 2.7 branch. * Install an egg-info file for arparse.	Matthias Klose	2.7.2-13ubuntu5	12 years ago
49	Really apply the db5.1 patch. LP: #440889 (why is such an ol... Really apply the db5.1 patch. LP: #440889 (why is such an old and unrelated issue number used?).	Matthias Klose	2.7.2-13ubuntu4	12 years ago
48	Really apply the db5.1 patch. LP: #440889 (why is such an ol... Really apply the db5.1 patch. LP: #440889 (why is such an old and unrelated issue number used?).	Matthias Klose	2.7.2-13ubuntu3	12 years ago
47	Stop providing python-argparse. LP: #916188. Stop providing python-argparse. LP: #916188.	Matthias Klose	2.7.2-13ubuntu2	12 years ago
46	Build using libdb5.1. Build using libdb5.1.	Matthias Klose	2.7.2-13ubuntu1	12 years ago
45	Upload to precise. Upload to precise.	Matthias Klose	2.7.2-11ubuntu1	12 years ago
44	* Update to 20120105, taken from the 2.7 branch. * Update to 20120105, taken from the 2.7 branch. * Test build using db5.1. * Overwrite some lintian warnings: - The -dbg interpreters are not unusual. - The -gdb.py files don't need a python dependency. - lintian can't handle a whatis entry starting with one word on the line. * Fix test failures related to distutils debian installation layout. * Add build-arch/build-indep targets. * Regenerate Setup and Makefiles after correcting Setup.local. * profiled-build.diff: Pass PY_CFLAGS instead of CFLAGS for the profiled build. * Pass dpkg-buildflags to the build process, and build third party extensions with these flags. * Add support to build using -flto (and -g1) on some architectures. * Disable pgo builds for some architectures (for now, keep just amd64 armel armhf i386 powerpc ppc64). * Build-depend on libgdbm-dev to build and run the gdbm tests. * Build-depend on xvfb to run the tkinter tests. * python2.7: Provide python2.7-argparse and python-argparse. * Don't run test_threading on mips/mipsel.	Matthias Klose	2.7.2-9ubuntu1	12 years ago
43	Update to 20111217, taken from the 2.7 branch. Update to 20111217, taken from the 2.7 branch.	Matthias Klose	2.7.2-9	12 years ago
42	No-change rebuild to drop spurious libsfgcc1 dependency on a... No-change rebuild to drop spurious libsfgcc1 dependency on armhf.	Adam Conrad	2.7.2-8build1	12 years ago
41	* Update to 20111130, taken from the 2.7 branch. * Update to 20111130, taken from the 2.7 branch. * New patch, ctypes-arm, allow for ",hard-float" after libc6 in ldconfig -p output (Loic Minier). LP: #898172. * debian/rules: Define DPKG_VARS (Alban Browaeys). Closes: #647419). * Add python-config man page (Johann Felix Soden). Closes: #650181).	Matthias Klose	2.7.2-8	12 years ago

Older »