Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c425f85 by Sylvain Beucler at 2023-05-24T19:02:31+02:00
Reserve DLA-3432-1 for python2.7

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -39893,7 +39893,6 @@ CVE-2022-45061 (An issue was discovered in Python 
before 3.11.1. An unnecessary
        [buster] - python3.7 <postponed> (Minor issue; fix along with next DLA)
        - python2.7 <removed>
        [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only 
included to build a few applications)
-       [buster] - python2.7 <postponed> (Minor issue, DoS, fix along with next 
DLA)
        NOTE: https://github.com/python/cpython/issues/98433
        NOTE: https://github.com/python/cpython/pull/99092
        NOTE: 
https://github.com/python/cpython/commit/a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15
 (v3.11.1)
@@ -86815,7 +86814,6 @@ CVE-2015-20107 (In Python (aka CPython) up to 3.10.8, 
the mailcap module does no
        [stretch] - python3.5 <no-dsa> (Minor issue)
        - python2.7 <unfixed>
        [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by 
security support)
-       [buster] - python2.7 <no-dsa> (Minor issue)
        [stretch] - python2.7 <no-dsa> (Minor issue)
        NOTE: https://bugs.python.org/issue24778
        NOTE: https://github.com/python/cpython/issues/68966
@@ -109452,7 +109450,6 @@ CVE-2021-4189 (A flaw was found in Python, 
specifically in the FTP (File Transfe
        [experimental] - python2.7 2.7.18-13.1~exp1
        - python2.7 2.7.18-13.1
        [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by 
security support)
-       [buster] - python2.7 <no-dsa> (Minor issue)
        NOTE: https://bugs.python.org/issue43285
        NOTE: 
https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e
 (master)
        NOTE: 
https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335
 (v3.9.3)
@@ -130095,7 +130092,6 @@ CVE-2021-3737 (A flaw was found in python. An 
improperly handled HTTP response i
        - python3.4 <removed>
        - python2.7 <removed>
        [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only 
included to build a few applications)
-       [buster] - python2.7 <postponed> (Minor issue, DoS)
        NOTE: https://bugs.python.org/issue44022
        NOTE: https://github.com/python/cpython/pull/25916
        NOTE: https://github.com/python/cpython/pull/26503
@@ -131305,7 +131301,6 @@ CVE-2021-3733 (There's a flaw in urllib's 
AbstractBasicAuthHandler class. An att
        - python3.5 <removed>
        - python2.7 <removed>
        [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only 
included to build a few applications)
-       [buster] - python2.7 <postponed> (Minor issue, ReDoS)
        NOTE: https://bugs.python.org/issue43075
        NOTE: https://github.com/python/cpython/pull/24391
        NOTE: 
https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1
 (master)
@@ -167973,7 +167968,6 @@ CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer 
overflow in PyCArg_repr in
        [stretch] - python3.7 <no-dsa> (Minor issue)
        - python3.5 <removed>
        - python2.7 2.7.18-2
-       [buster] - python2.7 <no-dsa> (Minor issue)
        NOTE: https://bugs.python.org/issue42938
        NOTE: https://github.com/python/cpython/pull/24239
        NOTE: 
https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
@@ -220876,7 +220870,6 @@ CVE-2019-20907 (In Lib/tarfile.py in Python through 
3.8.3, an attacker is able t
        [buster] - python3.7 3.7.3-2+deb10u2
        - python3.5 <removed> (low)
        - python2.7 2.7.18-2 (low; bug #970099)
-       [buster] - python2.7 <no-dsa> (Minor issue)
        NOTE: https://bugs.python.org/issue39017
        NOTE: 
https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4
 (master)
        NOTE: 
https://github.com/python/cpython/commit/f3232294ee695492f43d424cc6969d018d49861d
 (3.9-branch)
@@ -241462,7 +241455,6 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 
3.5.9, 3.6 through 3.6.10,
        - python3.4 <removed>
        [jessie] - python3.4 <postponed> (Minor issue)
        - python2.7 2.7.18-2 (low; bug #970099)
-       [buster] - python2.7 <no-dsa> (Minor issue)
        [stretch] - python2.7 <ignored> (Too destructive to backport. Though 
the patch is partly ready. 
https://salsa.debian.org/lts-team/packages/python2.7/-/blob/master/debian/patches/CVE-2020-8492.patch)
        [jessie] - python2.7 <no-dsa> (Minor issue)
        NOTE: https://bugs.python.org/issue39503
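Review bot: Once the `[buster] - python2.7 <no-dsa>` line is removed in this CVE-2020-8492 hunk, the remaining `[stretch]` context line still says the fix is "Too destructive to backport", while DLA-3432-1 in data/DLA/list lists the same CVE as fixed for buster in 2.7.16-2+deb10u2. A short NOTE on how the buster backport differs from the partly ready stretch patch would keep the two annotations from reading as contradictory. The stretch line also links to a blob on `master`, which can move; a commit-pinned link would be more durable.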


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 May 2023] DLA-3432-1 python2.7 - security update
+       {CVE-2015-20107 CVE-2019-20907 CVE-2020-8492 CVE-2020-26116 
CVE-2021-3177 CVE-2021-3733 CVE-2021-3737 CVE-2021-4189 CVE-2022-45061}
+       [buster] - python2.7 2.7.16-2+deb10u2
 [22 May 2023] DLA-3431-1 sqlite - security update
        {CVE-2016-6153 CVE-2018-8740}
        [buster] - sqlite 2.8.17-15+deb10u1
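Review bot: The CVE set on the added DLA-3432-1 entry includes CVE-2020-26116, but no data/CVE/list hunk in this commit touches that CVE, whereas each of the other eight listed CVEs has its `[buster] - python2.7` line removed. If CVE-2020-26116 still carries an explicit buster annotation for python2.7 (such as `<no-dsa>` or `<postponed>`), it should be dropped in the same commit so it does not contradict the fixed version 2.7.16-2+deb10u2; if it never had one, no change is needed, and saying so in the commit message would make the asymmetry easier to review.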


=====================================
data/dla-needed.txt
=====================================
@@ -141,12 +141,6 @@ python-oslo.privsep
   NOTE: 20221231: Programming language: Python.
   NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/python-oslo.privsep.git
 --
-python2.7 (Sylvain Beucler)
-  NOTE: 20230416: Programming language: C, Python.
-  NOTE: 20230416: VCS: https://salsa.debian.org/lts-team/packages/python2.7.git
-  NOTE: 20230416: Testsuite: 
https://lts-team.pages.debian.net/wiki/TestSuites/python.html
-  NOTE: 20230513: Backporting patches (Beuc)
---
 python3.7
   NOTE: 20230220: Programming language: Python.
   NOTE: 20230220: VCS: https://salsa.debian.org/lts-team/packages/python3.7.git



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c425f856e0a2327d97bb090724ed1af850d29ec
