group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 2125702] Re: Fixes for CVE-2023-27043, CVE-2025-0938, CVE-2024-11168 not applied on bionic, xenial, and trusty

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Hlib Korzhynskyy <2125702@xxxxxxxxxxxxxxxxxx>
Date: Mon, 29 Sep 2025 13:10:56 -0000
Reply-to: Bug 2125702 <2125702@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

bionic and xenial fixed with USN-7280-3.

trusty fixed with USN-7015-7.

** Changed in: python2.7 (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** Changed in: python2.7 (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** Changed in: python2.7 (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** Changed in: python2.7 (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2125702

Title:
  Fixes for CVE-2023-27043, CVE-2025-0938, CVE-2024-11168 not applied on
  bionic, xenial, and trusty

Status in python2.7 package in Ubuntu:
  Fix Released
Status in python2.7 source package in Trusty:
  Fix Released
Status in python2.7 source package in Xenial:
  Fix Released
Status in python2.7 source package in Bionic:
  Fix Released

Bug description:
  On esm-infra/bionic and esm-infra/xenial, the patch that fixes
  CVE-2023-27043 for python2.7 was not added to the
  debian/patches/series.in file, so the fix is not applied.

  On esm-infra-legacy/trusty, the patches that fix CVE-2024-11168 and
  CVE-2025-0938 for python2.7 were not added to the
  debian/patches/series.in file, so the fix is not applied. The
  CVE-2024-11168 patch is also missing from the debian/patches
  directory.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/2125702/+subscriptions