Format: 1.7
Date: Fri, 12 Oct 2012 09:03:09 -0500
Source: python2.5
Binary: python2.5 python2.5-minimal python2.5-examples python2.5-dev idle-python2.5 python2.5-doc python2.5-dbg
Architecture: amd64
Version: 2.5.2-2ubuntu6.2
Distribution: hardy
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Jamie Strandboge
Description:
 idle-python2.5 - An IDE for Python (v2.5) using Tkinter
 python2.5 - An interactive high-level object-oriented language (version 2.5)
 python2.5-dbg - Debug Build of the Python Interpreter (version 2.5)
 python2.5-dev - Header files and a static library for Python (v2.5)
 python2.5-doc - Documentation for the high-level object-oriented language Python
 python2.5-examples - Examples for the Python language (v2.5)
 python2.5-minimal - A minimal subset of the Python language (version 2.5)
Changes:
 python2.5 (2.5.2-2ubuntu6.2) hardy-security; urgency=low
 .
   * SECURITY UPDATE: optionally disallow setting sys.path when setting sys.argv
     - debian/patches/CVE-2008-5983.dpatch: add new C API function, PySys_SetArgvEx
     - CVE-2008-5983
   * SECURITY UPDATE: fix integer overflows in audioop module
     - debian/patches/CVE-2010-1634.dpatch: Fix incorrect and UB-inducing overflow checks
     - CVE-2010-1634
   * SECURITY UPDATE: fix DoS in audioop module
     - debian/patches/CVE-2010-2089.dpatch: ensure that the input string length is a multiple of the frame size
     - CVE-2010-2089
   * SECURITY UPDATE: Fix CGIHTTPServer information disclosure.
     - debian/patches/CVE-2011-1015.dpatch: Relative paths are now collapsed within the url properly before looking in cgi_directories.
     - CVE-2011-1015
   * SECURITY UPDATE: update urllib and urllib2 for invalid redirections
     - debian/patches/CVE-2011-1521.dpatch: only process Location headers for http, https, and ftp
     - http://bugs.python.org/issue11662
     - CVE-2011-1521
   * SECURITY UPDATE: fix XSS in SimpleHTTPServer
     - debian/patches/CVE-2011-4940.dpatch: add a charset parameter to the Content-type
     - CVE-2011-4940
   * SECURE UPDATE: http://bugs.python.org/issue13512
     - debian/patches/CVE-2011-4944.dpatch: create ~/.pypirc securely
     - CVE-2011-4944
   * SECURITY UPDATE: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon malformed POST request
     - debian/patches/CVE-2012-0845.dpatch: break if don't receive EOF in Lib/SimpleXMLRPCServer.py
     - CVE-2012-0845
   * SECURITY UPDATE: Denial of service via hash collisions
     - debian.patches/CVE-2012-0876+CVE-2012-1148.dpatch: Add random salt value to hash inputs in lib/xmlparse.c
     - CVE-2012-0876
   * SECURITY UPDATE: Denial of service via memory leak
     - debian.patches/CVE-2012-0876+CVE-2012-1148.dpatch: Properly reallocate memory in lib/xmlparse.c
     - CVE-2012-1148
   * SECURITY UPDATE: fix DoS in smtpd.py
     - debian/patches/CVE-2010-3493.dpatch: adds proper error handling on accept() when smtpd accepts new incoming connections
     - http://bugs.python.org/issue9129
     - CVE-2010-3493
Files:
 a1a81916f6a8987d1f8d187b8610d149 3035666 python optional python2.5_2.5.2-2ubuntu6.2_amd64.deb
 e5471a4e1d3a211ae895abb855f88dbf 1283712 python required python2.5-minimal_2.5.2-2ubuntu6.2_amd64.deb
 6a778228a792bf00d0d2039532b611b9 2038906 python optional python2.5-dev_2.5.2-2ubuntu6.2_amd64.deb
 39eef2cf3f56a279014437257b5f0cd5 7951416 python extra python2.5-dbg_2.5.2-2ubuntu6.2_amd64.deb
Original-Maintainer: Matthias Klose