Format: 1.8 Date: Tue, 25 Oct 2016 15:38:47 -0700 Source: python2.7 Binary: python2.7 python2.7-minimal libpython2.7 python2.7-examples python2.7-dev idle-python2.7 python2.7-doc python2.7-dbg Architecture: amd64 Version: 2.7.3-0ubuntu3.9 Distribution: precise Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Steve Beattie Description: idle-python2.7 - IDE for Python (v2.7) using Tkinter libpython2.7 - Shared Python runtime library (version 2.7) python2.7 - Interactive high-level object-oriented language (version 2.7) python2.7-dbg - Debug Build of the Python Interpreter (version 2.7) python2.7-dev - Header files and a static library for Python (v2.7) python2.7-doc - Documentation for the high-level object-oriented language Python python2.7-examples - Examples for the Python language (v2.7) python2.7-minimal - Minimal subset of the Python language (version 2.7) Changes: python2.7 (2.7.3-0ubuntu3.9) precise-security; urgency=medium . * SECURITY UPDATE: StartTLS stripping attack - debian/patches/CVE-2016-0772.patch: raise an error when STARTTLS fails in Lib/smtplib.py. - CVE-2016-0772 * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI scripts (aka HTTPOXY attack) - debian/patches/CVE-2016-1000110-pre.patch: prefer lower_case proxy environment variables over UPPER_CASE or Mixed_Case ones. - debian/patches/CVE-2016-1000110.patch: if running as CGI script, forget HTTP_PROXY in Lib/urllib.py, add test to Lib/test/test_urllib.py, add documentation. - CVE-2016-1000110 * SECURITY UPDATE: Integer overflow when handling zipfiles - debian/patches/CVE-2016-5636-pre.patch: check for negative size in Modules/zipimport.c - debian/patches/CVE-2016-5636.patch: check for too large value in Modules/zipimport.c - CVE-2016-5636 * SECURITY UPDATE: CRLF injection vulnerability in the HTTPConnection.putheader - debian/patches/CVE-2016-5699.patch: disallow newlines in putheader() arguments when not followed by spaces or tabs in Lib/httplib.py, add tests in Lib/test/test_httplib.py - CVE-2016-5699 Checksums-Sha1: e5a2e74679e610d701a590581728828e42b30356 2677800 python2.7_2.7.3-0ubuntu3.9_amd64.deb ba00e0cdb2185a6a9935f59696e3414eabbbfa6e 1744976 python2.7-minimal_2.7.3-0ubuntu3.9_amd64.deb 52d8351529767b08915d4740f9d248e1e7272d60 1188416 libpython2.7_2.7.3-0ubuntu3.9_amd64.deb 21e5742e02587ea34c0b700f55be4b13e0118e8b 29537662 python2.7-dev_2.7.3-0ubuntu3.9_amd64.deb 409f285739b62381613a97923d8a53a2cacb81b6 9538316 python2.7-dbg_2.7.3-0ubuntu3.9_amd64.deb 60d30192f85fa2ed598977a41621d0589d30c13a 112582 python2.7-dbgsym_2.7.3-0ubuntu3.9_amd64.ddeb 11510580f4281729ee04dc46e51ede8822742d2b 197360 python2.7-minimal-dbgsym_2.7.3-0ubuntu3.9_amd64.ddeb 8b317a2b1252a390bc80bd9f944107756a69d031 180482 libpython2.7-dbgsym_2.7.3-0ubuntu3.9_amd64.ddeb Checksums-Sha256: 24cd97f7dfb03d5ed654036f12a3df008ccb6ea1effffbd41321224e0c9ef410 2677800 python2.7_2.7.3-0ubuntu3.9_amd64.deb f379b23464e6011edf7e2492e2e2a6e389093e8cca5e52e36a4d0cc15a5b37d6 1744976 python2.7-minimal_2.7.3-0ubuntu3.9_amd64.deb cdb2e35501b7c7d582265c31c96b4918d4b98e8760af27bc3139912c65dbceed 1188416 libpython2.7_2.7.3-0ubuntu3.9_amd64.deb 5f44974cfd69d5c33d619df6baecbbd4c63859395cbd32fce6c4eaa121668b56 29537662 python2.7-dev_2.7.3-0ubuntu3.9_amd64.deb f8b0daa7f6b8873fb65e07783c26ac73117e1b0b748acc23ec84741a198892bf 9538316 python2.7-dbg_2.7.3-0ubuntu3.9_amd64.deb e625da61cec98ea5503344d032cdc75e3d7b33cb2d772b7b238da1c298e0ded8 112582 python2.7-dbgsym_2.7.3-0ubuntu3.9_amd64.ddeb 9501d058acefd0576bc706dc467f86212906c075ee96e01093e4413f102a9121 197360 python2.7-minimal-dbgsym_2.7.3-0ubuntu3.9_amd64.ddeb d6d4d2d3726d0aae1a9add0aed6f7ecf7cbb80668bef50d9a38857ee0e00f260 180482 libpython2.7-dbgsym_2.7.3-0ubuntu3.9_amd64.ddeb Files: a5d223881faf81cceafe503f07f9a042 2677800 python optional python2.7_2.7.3-0ubuntu3.9_amd64.deb 7b55c3d935573d39d02b378fbfa8ebfc 1744976 python optional python2.7-minimal_2.7.3-0ubuntu3.9_amd64.deb 0b38e7bf142840d2082787238d9bb1a3 1188416 libs optional libpython2.7_2.7.3-0ubuntu3.9_amd64.deb d23d91f9397fcfac9f113204250824be 29537662 python optional python2.7-dev_2.7.3-0ubuntu3.9_amd64.deb 39be986e0aa49974fb2c2400374afd97 9538316 debug extra python2.7-dbg_2.7.3-0ubuntu3.9_amd64.deb 36b1c14290aeaf33f94600e336928fdf 112582 python extra python2.7-dbgsym_2.7.3-0ubuntu3.9_amd64.ddeb b84e7f811f71704e5e403145b2353164 197360 python extra python2.7-minimal-dbgsym_2.7.3-0ubuntu3.9_amd64.ddeb 5af31f7820db0da5f4bf4150a00ae3dc 180482 libs extra libpython2.7-dbgsym_2.7.3-0ubuntu3.9_amd64.ddeb Original-Maintainer: Matthias Klose