This bug was fixed in the package python3.4 - 3.4.3-1ubuntu1~14.04.5 --------------- python3.4 (3.4.3-1ubuntu1~14.04.5) trusty-security; urgency=medium
* SECURITY UPDATE: StartTLS stripping attack - debian/patches/CVE-2016-0772.patch: raise an error when STARTTLS fails in Lib/smtplib.py. - CVE-2016-0772 * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI scripts (aka HTTPOXY attack) - debian/patches/CVE-2016-1000110.patch: if running as CGI script, forget HTTP_PROXY in Lib/urllib.py, add test to Lib/test/test_urllib.py, add documentation. - CVE-2016-1000110 * SECURITY UPDATE: Integer overflow when handling zipfiles - debian/patches/CVE-2016-5636-pre.patch: check for negative size in Modules/zipimport.c - debian/patches/CVE-2016-5636.patch: check for too large value in Modules/zipimport.c - CVE-2016-5636 * SECURITY UPDATE: CRLF injection vulnerability in the HTTPConnection.putheader - debian/patches/CVE-2016-5699.patch: disallow newlines in putheader() arguments when not followed by spaces or tabs in Lib/httplib.py, add tests in Lib/test/test_httplib.py - CVE-2016-5699 -- Steve Beattie <sbeat...@ubuntu.com> Wed, 16 Nov 2016 12:38:40 -0800 ** Changed in: python3.4 (Ubuntu Trusty) Status: Triaged => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-0772 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-1000110 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5636 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5699 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1264554 Title: python3.4 autopkg test failures To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python3.3/+bug/1264554/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs