Univention Bugzilla – Bug 47890
python2.7: Multiple issues (4.3)
Last modified: 2018-10-04 14:27:50 CEST
New Debian python2.7 2.7.13-2+deb9u3 fixes:

This update addresses the following issues:
* DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)
* DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)
* Missing salt initialization in _elementtree.c module (CVE-2018-14647)
* Command injection in the shutil module (CVE-2018-1000802)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/python2.7_2.7.13-2+deb9u2.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/python2.7_2.7.13-2+deb9u3.dsc @@ -1,3 +1,7 @@ +2.7.13-2+deb9u3 [Wed, 26 Sep 2018 20:42:22 +0200] Moritz Mühlenhoff <jmm@debian.org>: + + * CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647 + 2.7.13-2+deb9u2 [Fri, 24 Nov 2017 18:33:09 +0100] Moritz Mühlenhoff <jmm@debian.org>: * Backport c3c9db89273fabc62ea1b48389d9a3000c1c03ae to address <http://10.200.17.11/4.3-2/#6102485430680181147>
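Review bot: The added 2.7.13-2+deb9u3 changelog entry at the top of the hunk lists the four CVE ids only, with no indication of which change addresses each one. The 2.7.13-2+deb9u2 entry below it names the backported commit it relies on; a commit reference or one-line description per CVE in the new entry would let a reader confirm each fix without consulting the package source.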
OK: yaml
OK: announce_errata
OK: patch
FAIL: piuparts

[4.3-2] d8526e6d2a Bug #47890: python2.7 2.7.13-2+deb9u3
 doc/errata/staging/python2.7.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(In reply to Philipp Hahn from comment #2)
> FAIL: piuparts

This is a bug in the python2.7 package, which removes files from *lib*python2.7*-minimal*:
> 0m17.2s ERROR: FAIL: After purging files have disappeared:
>   /usr/lib/python2.7/lib-dynload/ owned by: libpython2.7-minimal:amd64

This failure can be ignored.
<http://errata.software-univention.de/ucs/4.3/258.html>