Univention Bugzilla – Bug 56644
python2.7: Multiple issues (5.0)
Last modified: 2023-09-27 18:17:23 CEST
New Debian python2.7 2.7.16-2+deb10u3 fixes:

This update addresses the following issues:

2.7.16-2+deb10u3 (Wed, 20 Sep 2023 09:59:17 +0200)
* Non-maintainer upload by the LTS Team.
* Add testsuite-fix-with-expat.diff: Fix autopkgtests with updated expat.
* Fix issue9189.diff: Update test suite to match behaviour change.
* autopkgtest: mark distutils as non-failing
* Add CVE-2021-23336.diff: Only use '&' as query string separator
* Add CVE-2022-0391.diff: Make urlsplit robust against newlines
* Add CVE-2022-48560.diff: Fix use-after-free in heapq module.
* Add CVE-2022-48565.diff: Reject entities declarations while parsing XML plists.
* Add CVE-2022-48566.diff: Make constant time comparison more constant-time.
* Add CVE-2023-24329.diff: More WHATWG-compatible URL parsing
* Add CVE-2023-40217.diff: Prevent reading unauthenticated data on a SSLSocket
--- mirror/ftp/pool/main/p/python2.7/python2.7_2.7.16-2+deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-5/source/python2.7_2.7.16-2+deb10u3.dsc @@ -1,3 +1,19 @@ +2.7.16-2+deb10u3 [Wed, 20 Sep 2023 09:59:17 +0200] Helmut Grohne <helmut@subdivi.de>: + + * Non-maintainer upload by the LTS Team. + * Add testsuite-fix-with-expat.diff: Fix autopkgtests with updated expat. + * Fix issue9189.diff: Update test suite to match behaviour change. + * autopkgtest: mark distutils as non-failing + * Add CVE-2021-23336.diff: Only use '&' as query string separator + * Add CVE-2022-0391.diff: Make urlsplit robust against newlines + * Add CVE-2022-48560.diff: Fix use-after-free in heapq module. + * Add CVE-2022-48565.diff: Reject entities declarations while parsing XML + plists. + * Add CVE-2022-48566.diff: Make constant time comparison more constant-time. + * Add CVE-2023-24329.diff: More WHATWG-compatible URL parsing + * Add CVE-2023-40217.diff: Prevent reading unauthenticated data on a + SSLSocket + 2.7.16-2+deb10u2 [Tue, 23 May 2023 16:13:27 +0200] Sylvain Beucler <beuc@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/5.0-5/#2932144295845511422>
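Review bot: In the new 2.7.16-2+deb10u3 block, the entry "* autopkgtest: mark distutils as non-failing" gives no reason for tolerating the failure, and "* Fix issue9189.diff: Update test suite to match behaviour change" does not say which behaviour change it follows. Suggest naming the patch or CVE fix each test adjustment belongs to, so a later reader can tell the test-only changes apart from the seven CVE fixes listed after them.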
OK: bug
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
 Upstream cross package file ownership issue.

[5.0-5] 9530a054c0 Bug #56644: python2.7 2.7.16-2+deb10u3
 doc/errata/staging/python2.7.yaml | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)

[5.0-5] 0350063253 Bug #56644: python2.7 2.7.16-2+deb10u3
 doc/errata/staging/python2.7.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x819>