Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1c425f85 by Sylvain Beucler at 2023-05-24T19:02:31+02:00 Reserve DLA-3432-1 for python2.7 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -39893,7 +39893,6 @@ CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary [buster] - python3.7 <postponed> (Minor issue; fix along with next DLA) - python2.7 <removed> [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications) - [buster] - python2.7 <postponed> (Minor issue, DoS, fix along with next DLA) NOTE: https://github.com/python/cpython/issues/98433 NOTE: https://github.com/python/cpython/pull/99092 NOTE: https://github.com/python/cpython/commit/a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15 (v3.11.1) @@ -86815,7 +86814,6 @@ CVE-2015-20107 (In Python (aka CPython) up to 3.10.8, the mailcap module does no [stretch] - python3.5 <no-dsa> (Minor issue) - python2.7 <unfixed> [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support) - [buster] - python2.7 <no-dsa> (Minor issue) [stretch] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue24778 NOTE: https://github.com/python/cpython/issues/68966 @@ -109452,7 +109450,6 @@ CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File Transfe [experimental] - python2.7 2.7.18-13.1~exp1 - python2.7 2.7.18-13.1 [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support) - [buster] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue43285 NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master) NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3) 
@@ -130095,7 +130092,6 @@ CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response i - python3.4 <removed> - python2.7 <removed> [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications) - [buster] - python2.7 <postponed> (Minor issue, DoS) NOTE: https://bugs.python.org/issue44022 NOTE: https://github.com/python/cpython/pull/25916 NOTE: https://github.com/python/cpython/pull/26503 @@ -131305,7 +131301,6 @@ CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An att - python3.5 <removed> - python2.7 <removed> [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications) - [buster] - python2.7 <postponed> (Minor issue, ReDoS) NOTE: https://bugs.python.org/issue43075 NOTE: https://github.com/python/cpython/pull/24391 NOTE: https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master) @@ -167973,7 +167968,6 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in [stretch] - python3.7 <no-dsa> (Minor issue) - python3.5 <removed> - python2.7 2.7.18-2 - [buster] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue42938 NOTE: https://github.com/python/cpython/pull/24239 NOTE: https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html @@ -220876,7 +220870,6 @@ CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able t [buster] - python3.7 3.7.3-2+deb10u2 - python3.5 <removed> (low) - python2.7 2.7.18-2 (low; bug #970099) - [buster] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue39017 NOTE: https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 (master) NOTE: https://github.com/python/cpython/commit/f3232294ee695492f43d424cc6969d018d49861d (3.9-branch) 
@@ -241462,7 +241455,6 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, - python3.4 <removed> [jessie] - python3.4 <postponed> (Minor issue) - python2.7 2.7.18-2 (low; bug #970099) - [buster] - python2.7 <no-dsa> (Minor issue) [stretch] - python2.7 <ignored> (Too destructive to backport. Though the patch is partly ready. https://salsa.debian.org/lts-team/packages/python2.7/-/blob/master/debian/patches/CVE-2020-8492.patch) [jessie] - python2.7 <no-dsa> (Minor issue) NOTE: https://bugs.python.org/issue39503 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[24 May 2023] DLA-3432-1 python2.7 - security update + {CVE-2015-20107 CVE-2019-20907 CVE-2020-8492 CVE-2020-26116 CVE-2021-3177 CVE-2021-3733 CVE-2021-3737 CVE-2021-4189 CVE-2022-45061} + [buster] - python2.7 2.7.16-2+deb10u2 [22 May 2023] DLA-3431-1 sqlite - security update {CVE-2016-6153 CVE-2018-8740} [buster] - sqlite 2.8.17-15+deb10u1 ===================================== data/dla-needed.txt ===================================== 
@@ -141,12 +141,6 @@ python-oslo.privsep NOTE: 20221231: Programming language: Python. NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git -- -python2.7 (Sylvain Beucler) - NOTE: 20230416: Programming language: C, Python. - NOTE: 20230416: VCS: https://salsa.debian.org/lts-team/packages/python2.7.git - NOTE: 20230416: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/python.html - NOTE: 20230513: Backporting patches (Beuc) --- python3.7 NOTE: 20230220: Programming language: Python. NOTE: 20230220: VCS: https://salsa.debian.org/lts-team/packages/python3.7.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c425f856e0a2327d97bb090724ed1af850d29ec
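Review bot: In the data/DLA/list hunk, the new DLA-3432-1 entry lists nine CVEs, but only eight data/CVE/list hunks in this commit drop a `[buster] - python2.7` triage line; CVE-2020-26116 has no matching hunk. Please confirm that its entry in data/CVE/list carries no leftover `[buster] - python2.7 <no-dsa>` or `<postponed>` annotation that would contradict the fixed version `2.7.16-2+deb10u2` recorded here.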
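Review bot: The data/CVE/list hunks only delete the `[buster] - python2.7 <postponed>` and `<no-dsa>` lines and add no `[buster] - python2.7 2.7.16-2+deb10u2` line in their place, so within this commit the buster fixed version exists solely in the data/DLA/list entry. If that line is meant to be filled in from data/DLA/list by a later step, say so in the commit message, which currently mentions only reserving the DLA; otherwise add the fixed-version line to each of the eight CVE entries touched here.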
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits