-
python3.7 (3.7.3-2ubuntu0.2) disco-security; urgency=medium
* SECURITY UPDATE: incorrect email address parsing
- debian/patches/CVE-2019-16056.patch: don't parse domains containing @
in Lib/email/_header_value_parser.py, Lib/email/_parseaddr.py,
Lib/test/test_email/test__header_value_parser.py,
Lib/test/test_email/test_email.py.
- CVE-2019-16056
* SECURITY UPDATE: XSS in documentation XML-RPC server
- debian/patches/CVE-2019-16935.patch: escape the server_title in
Lib/xmlrpc/server.py, Lib/test/test_docxmlrpc.py.
- CVE-2019-16935
-- Marc Deslauriers <email address hidden> Mon, 07 Oct 2019 08:56:13 -0400
-
python3.7 (3.7.3-2ubuntu0.1) disco-security; urgency=medium
* SECURITY UPDATE: HTTP header injection
- debian/patches/CVE-2019-9740.patch: disallow control chars in http
URLs in Lib/http/client.py, Lib/test/test_urllib.py,
Lib/test/test_xmlrpc.py.
- CVE-2019-9740
- CVE-2019-9947
* SECURITY UPDATE: urllib support the local_file: scheme
- debian/patches/CVE-2019-9948.patch: disallow file reading in
Lib/urllib/request.py, Lib/test/test_urllib.py.
- CVE-2019-9948
* SECURITY UPDATE: incomplete fix for CVE-2019-9636
- debian/patches/CVE-2019-10160-1.patch: fix handling of
pre-normalization characters in urlsplit() in
Lib/test/test_urlparse.py, Lib/urllib/parse.py.
- debian/patches/CVE-2019-10160-2.patch: correct fix to handle
decomposition in usernames in Lib/test/test_urlparse.py,
Lib/urllib/parse.py.
- CVE-2019-10160
-- Marc Deslauriers <email address hidden> Tue, 20 Aug 2019 13:04:43 -0400
-
python3.7 (3.7.3-2) unstable; urgency=medium
* d/p/arm-alignment.diff: Don't allow unaligned memory accesses in the
_sha3 extension (Dave Jones). LP: #1821869. Issue #36515.
* Tweak the asyncio/ssl test again.
-- Matthias Klose <email address hidden> Wed, 03 Apr 2019 07:39:12 +0200
-
python3.7 (3.7.3-1ubuntu1) disco; urgency=medium
* Tweak the asyncio/ssl test again.
-- Matthias Klose <email address hidden> Tue, 26 Mar 2019 21:05:42 +0100
-
python3.7 (3.7.3-1) unstable; urgency=medium
* Python 3.7.3 release.
* Work around issue #35988, reducing the payload size for the asyncio/ssl
tests.
-- Matthias Klose <email address hidden> Tue, 26 Mar 2019 08:25:18 +0100
-
python3.7 (3.7.3~rc1-1) unstable; urgency=medium
* Python 3.7.3 release candidate 1.
* CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
normalize to separators. Closes: #924072.
* Use a build profile for libbluetooth-dev (<!pkg.python3.7.nobluetooth>).
-- Matthias Klose <email address hidden> Wed, 13 Mar 2019 12:01:15 +0100
-
python3.7 (3.7.2-3) unstable; urgency=medium
* Update to 20190227 from the 3.7 branch.
* Add more breaks for packages not compatible with Python 3.7:
- xapers. Closes: #916914.
* Move the test/ann_module{,2,3} modules into libpython-stdlib.
Closes: #922285.
* Limit the import checks for some extension modules to native builds.
Closes: #921742.
-- Matthias Klose <email address hidden> Wed, 27 Feb 2019 16:41:59 +0100
-
python3.7 (3.7.2-2) unstable; urgency=medium
* Update to 20190202 from the 3.7 branch.
-- Matthias Klose <email address hidden> Sat, 02 Feb 2019 15:31:48 +0100
-
python3.7 (3.7.2-1build1) disco; urgency=medium
* No-change rebuild for readline soname change.
-- Matthias Klose <email address hidden> Mon, 14 Jan 2019 20:09:34 +0000
-
python3.7 (3.7.2-1) unstable; urgency=medium
* Python 3.7.2 release.
* Revert the link optimization changes which appeared after the
release candidate.
* Make the build compatible with sphinx 1.6.x.
* Loosen the pyzo break. Closes: #916548.
-- Matthias Klose <email address hidden> Thu, 03 Jan 2019 03:55:40 +0100
-
python3.7 (3.7.2~rc1-1) unstable; urgency=medium
* Python 3.7.2 release candidate 1.
* Add more breaks for packages not compatible with Python 3.7:
- python3-dns. Closes: #912988.
- python3-dkim. Closes: #912084.
- pyzo. Closes: #914332.
* Update VCS attributes. Closes: #904097.
* Update symbols files.
-- Matthias Klose <email address hidden> Wed, 12 Dec 2018 07:25:49 +0100
-
python3.7 (3.7.1-1) unstable; urgency=medium
* Python 3.7.1 release.
-- Matthias Klose <email address hidden> Sun, 21 Oct 2018 10:03:53 +0200
-
python3.7 (3.7.1-1~18.10) cosmic-proposed; urgency=medium
* SRU: LP: #1799202.
-- Matthias Klose <email address hidden> Mon, 22 Oct 2018 13:21:55 +0200
-
python3.7 (3.7.1~rc2-1) unstable; urgency=medium
* Python 3.7.1 release candidate 2.
-- Matthias Klose <email address hidden> Mon, 15 Oct 2018 11:24:12 +0200