-
python-pip (22.0.2+dfsg-1ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: http cookie leakage via http redirect
    - debian/patches/CVE-2023-43804.patch: removes the cookie from the
      http request when it is redirected to a different origin.
    - CVE-2023-43804
  * SECURITY UPDATE: http body leakage via http redirect
    - debian/patches/CVE-2023-45803.patch: removes the body from the
      http request when it is redirected to a different origin and the
      http verb is changed to GET.
    - CVE-2023-45803

 -- Jorge Sancho Larraz <email address hidden>  Fri, 10 Nov 2023 13:42:40 +0100
-
python-pip (22.0.2+dfsg-1ubuntu0.3) jammy-security; urgency=medium

  * No-change rebuild for requests update.

 -- Marc Deslauriers <email address hidden>  Mon, 05 Jun 2023 14:20:05 -0400
-
python-pip (22.0.2+dfsg-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: ReDOS in wheel.py
    - debian/patches/CVE-2022-40898.patch: Fix potential DoS attack
      via wheel_file_re by restricting matching dash and dot characters
      in src/pip/_internal/models/wheel.py.
    - CVE-2022-40898

 -- David Fernandez Gonzalez <email address hidden>  Tue, 28 Feb 2023 10:39:46 +0100
-
python-pip (22.0.2+dfsg-1ubuntu0.1) jammy-security; urgency=medium

  * No-change rebuild due to wheel and setuptools update.

 -- David Fernandez Gonzalez <email address hidden>  Tue, 24 Jan 2023 10:23:13 +0100
-
python-pip (22.0.2+dfsg-1) unstable; urgency=medium

  * New upstream release.
  * Refresh patches.
  * Update copyright.
  * Unset PIP_NO_VENDOR_FOR_DOWNSTREAM, no longer needed.

 -- Stefano Rivera <email address hidden>  Wed, 02 Feb 2022 12:00:40 -0400
-
python-pip (21.3.1+dfsg-3) unstable; urgency=medium

  * Source-only upload.

 -- Stefano Rivera <email address hidden>  Wed, 12 Jan 2022 19:38:23 -0400
-
python-pip (21.3.1+dfsg-1) unstable; urgency=medium

  [ Stefano Rivera ]
  * New upstream release.
    - Drops Python 2.7 support.
  * Refresh patches.
  * Drop patch debian-python2.7-sysconfig-workaround.patch, no longer needed.
  * Drop patches git-split-ascii, set_user_default, str-version, superseded
    upstream. (Closes: #995959)
  * Add myself to the copyright file.
  * Bump watch file version to 4.
  * Bump Standards-Version to 3.6.0, no changes needed.
  * Stop de-vendoring dependencies, on balance this has caused more trouble
    than it has saved.
    - Drop patches debundle, handle-unbundled-requests,
      wheel-and-pip-not-pip-wheels, debug-command-for-unbundled, no longer
      needed.
    - Patch: certifi-debian-ca-certificates, copied over from certifi source.
    - Document vendored modules copyright.
  * Re-enable "pip list --outdated" in autopkgtest.
  * Allow stderr in pip3-editable.sh autopkgtest, for pip's new warning about
    running as root.
  * Exclude distlib Windows .exe locators from the source package.
    - Drop lintian override for these.
  * Bump debhelper compat level to 13.
  * Build with pybuild's pyproject plugin.
  * Drop Python 2 wheels, these may be provided by a separate source package.
    (Closes: #938027, #999501, 1000826)

 -- Stefano Rivera <email address hidden>  Thu, 06 Jan 2022 22:06:12 -0400
-
python-pip (20.3.4-4) unstable; urgency=medium

  * No-change upload against distlib 0.3.2+really+0.3.1-0.1.

 -- Stefano Rivera <email address hidden>  Thu, 01 Jul 2021 16:44:29 -0400