Publishing details


python2.7 (2.7.3-0ubuntu3.9) precise-security; urgency=medium

  * SECURITY UPDATE: StartTLS stripping attack
    - debian/patches/CVE-2016-0772.patch: raise an error when
      STARTTLS fails in Lib/
    - CVE-2016-0772
  * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
    scripts (aka HTTPOXY attack)
    - debian/patches/CVE-2016-1000110-pre.patch: prefer lower_case
      proxy environment variables over UPPER_CASE or Mixed_Case ones.
    - debian/patches/CVE-2016-1000110.patch: if running as CGI
      script, forget HTTP_PROXY in Lib/, add test to
      Lib/test/, add documentation.
    - CVE-2016-1000110
  * SECURITY UPDATE: Integer overflow when handling zipfiles
    - debian/patches/CVE-2016-5636-pre.patch: check for negative size in
    - debian/patches/CVE-2016-5636.patch: check for too large value in
    - CVE-2016-5636
  * SECURITY UPDATE: CRLF injection vulnerability in the
    - debian/patches/CVE-2016-5699.patch: disallow newlines in
      putheader() arguments when not followed by spaces or tabs in
      Lib/, add tests in Lib/test/
    - CVE-2016-5699

 -- Steve Beattie <email address hidden>  Tue, 25 Oct 2016 15:38:47 -0700

Available diffs


Built packages

Package files