-
python3.1 (3.1.2-0ubuntu3.2) lucid-security; urgency=low
* SECURITY UPDATE: optionally disallow setting sys.path when setting
sys.argv
- debian/patches/CVE-2008-5983.dpatch: add new C API function,
PySys_SetArgvEx
- CVE-2008-5983
* SECURITY UPDATE: fix integer overflows in audioop module
- debian/patches/CVE-2010-1634.dpatch: Fix incorrect and UB-inducing
overflow checks
- CVE-2010-1634
* SECURITY UPDATE: fix DoS in audioop module
- debian/patches/CVE-2010-2089.dpatch: ensure that the input string length
is a multiple of the frame size
- CVE-2010-2089
* SECURE UPDATE: http://bugs.python.org/issue13512
- debian/patches/CVE-2011-4944.dpatch: create ~/.pypirc securely
- CVE-2011-4944
* SECURITY UPDATE: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon
malformed POST request
- debian/patches/CVE-2012-0845.dpatch: break if don't receive EOF in
Lib/SimpleXMLRPCServer.py
- CVE-2012-0845
* SECURITY UPDATE: fix hash randomization DoS
- debian/patches/CVE-2012-1150.dpatch: add -R command-line option and
PYTHONHASHSEED environment variable, to provide an opt-in way to protect
against denial of service attacks due to hash collisions within the dict
and set types.
- CVE-2012-1150
* SECURITY UPDATE: http://bugs.python.org/issue14579
- debian/patches/CVE-2012-2135.dpatch: fix vulnerability in the utf-16
decoder after error handling
- CVE-2012-2135
-- Jamie Strandboge <email address hidden> Tue, 23 Oct 2012 09:34:32 -0500
-
python3.1 (3.1.2-0ubuntu3.1) lucid-security; urgency=low
* SECURITY UPDATE: only process Location headers for http, https, and ftp
- http://bugs.python.org/issue11662
- CVE-2011-1521
* SECURITY UPDATE: adds proper error handling on accept() when smtpd accepts
new incoming connections
- http://bugs.python.org/issue9129
- CVE-2010-3493
-- Jamie Strandboge <email address hidden> Fri, 09 Dec 2011 09:33:22 -0600
-
python3.1 (3.1.2-0ubuntu3) lucid-proposed; urgency=low
* Assume working semaphores, don't rely on running kernel for the check.
LP: #630511.
* Disable test_threading test on powerpc, which fail on the buildds.
-- Matthias Klose <email address hidden> Mon, 20 Sep 2010 14:31:19 +0200
-
python3.1 (3.1.2-0ubuntu2) lucid; urgency=low
* Overwrite the sem_open autoconf check, depending on a newer
kernel version not available on the buildd. LP: #556477.
* debian/patches/issue8032.dpatch: Update to version from the
trunk. Upload for beta2 to avoid apport errors.
- Handle PyFrameObject's: LP: #543624, #548723.
- Detect cycles in object reference graph and add extra
protection: LP: #544823, LP: #552356.
-- Matthias Klose <email address hidden> Wed, 14 Apr 2010 23:54:59 +0200
-
python3.1 (3.1.2-0ubuntu1) lucid; urgency=low
* Python 3.1.2 release.
* Fix issue #4961: Inconsistent/wrong result of askyesno function in
tkMessageBox with Tcl8.5. LP: #462950.
* Don't complain when /usr/local is not writable on installation.
* Apply proposed patch for issue #8032, gdb7 hooks for debugging.
* Backport issue #8140: Extend compileall to compile single files.
Add -i option.
-- Matthias Klose <email address hidden> Sun, 21 Mar 2010 17:27:57 +0100
-
python3.1 (3.1.2~rc1-0ubuntu1) lucid; urgency=low
* Python 3.1.2 release candidate 1.
-- Matthias Klose <email address hidden> Thu, 11 Mar 2010 13:38:49 +0100
-
python3.1 (3.1.1-1ubuntu1) lucid; urgency=low
* Update to the 3.1 release branch, 20091102.
* distutils install: Don't install into /usr/local/local, if option
--prefix=/usr/local is present. LP: #456917.
* python3.1-doc: Fix searching in local documentation. LP: #456025.
-- Matthias Klose <email address hidden> Mon, 02 Nov 2009 12:38:24 +0100
-
python3.1 (3.1.1-0ubuntu4) karmic; urgency=low
* Update to the 3.1 release branch, 20091011.
* Remove /usr/local/lib/python3.1 on package removal, if empty.
* Build _hashlib as a builtin. LP: #445530.
* python3.1-doc: Don't compress the sphinx inventory.
* python3.1-doc: Fix jquery.js symlink. LP: #447370.
* Run the benchmark with -C 2 -n 5 -w 4 on all architectures.
* python3.1-dbg: Don't create debug subdirectory in /usr/local. No
separate debug directory needed anymore.
-- Matthias Klose <email address hidden> Sun, 11 Oct 2009 19:59:17 +0200
