Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3972c4a8 by Anton Gladky at 2022-02-12T13:26:02+01:00 Reserve DLA-2919-1 for python2.7 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -9402,7 +9402,6 @@ CVE-2021-4189 [ftplib should not use the host from the PASV response] - python2.7 <unfixed> [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support) [buster] - python2.7 <no-dsa> (Minor issue) - [stretch] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue43285 NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master) NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3) @@ -66169,7 +66168,6 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in - python3.5 <removed> - python2.7 2.7.18-2 [buster] - python2.7 <no-dsa> (Minor issue) - [stretch] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue42938 NOTE: https://github.com/python/cpython/pull/24239 NOTE: https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[12 Feb 2022] DLA-2919-1 python2.7 - security update + {CVE-2021-3177 CVE-2021-4189} + [stretch] - python2.7 2.7.13-2+deb9u6 [12 Feb 2022] DLA-2918-1 debian-edu-config - security update {CVE-2021-20001} [stretch] - debian-edu-config 1.929+deb9u5 ===================================== data/dla-needed.txt ===================================== @@ -64,10 +64,6 @@ pgbouncer (Emilio) pjproject (Abhijith PA) NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu) -- -python2.7 (Anton) - NOTE: 20220112: 3 postponed CVEs (Beuc) - NOTE: 20220206: WIP https://salsa.debian.org/lts-team/packages/python2.7/ (Anton) --- samba NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ NOTE: 20211212: Fix is too large, coordination with ELTS-upload (anton) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3972c4a864dbd9d6150654d226611bd8be13bfa2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3972c4a864dbd9d6150654d226611bd8be13bfa2 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits