-
python-pip (23.2+dfsg-1ubuntu0.1) mantic-security; urgency=medium
* SECURITY UPDATE: http cookie leakage via http redirect
- debian/patches/CVE-2023-43804.patch: removes the cookie from the
http request when it is redirected to a different origin.
- CVE-2023-43804
* SECURITY UPDATE: http body leakage via http redirect
- debian/patches/CVE-2023-45803.patch: removes the body from the
http request when it is redirected to a different origin and the
http verb is changed to GET.
- CVE-2023-45803
-- Jorge Sancho Larraz <email address hidden> Fri, 10 Nov 2023 11:12:38 +0100
-
python-pip (23.2+dfsg-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Update copyright.
* Mark venv-editable.sh autopgktest as needs-internet.
-- Stefano Rivera <email address hidden> Thu, 20 Jul 2023 10:41:09 +0200
-
python-pip (23.1.2+dfsg-2) unstable; urgency=medium
* Upload to unstable.
-- Stefano Rivera <email address hidden> Sat, 10 Jun 2023 17:38:17 -0400
-
python-pip (23.1.2+dfsg-1ubuntu1) mantic; urgency=medium
* No-change rebuild for requests security update (used ubuntu1 instead of
build1 because of security update versioning in lucid)
-- Marc Deslauriers <email address hidden> Mon, 12 Jun 2023 08:51:14 -0400
-
python-pip (23.1.2+dfsg-1) experimental; urgency=medium
* New upstream release.
* Correctly clean.
-- Stefano Rivera <email address hidden> Thu, 04 May 2023 15:37:05 -0400
-
python-pip (23.0.1+dfsg-1) unstable; urgency=medium
* New upstream bug-fix release.
* Update NEWS to reflect the true PEP-668 rollout in cpython3.
* Drop patches superseded upstream: break-system-packages, and
default-sysconfig-scheme.
-- Stefano Rivera <email address hidden> Sun, 19 Feb 2023 10:19:33 -0400