landing-team-changes team mailing list archive

Thread
Date
[stable-overlay] python2.7 (2.7.9-2ubuntu3.1)

To: landing-team-changes@xxxxxxxxxxxxxxxxxxx
From: ubuntu.landing.team@xxxxxxxxx
Date: Mon, 13 Feb 2017 09:30:06 -0800 (PST)
Uploaded to the Stable Phone Overlay PPA (~ci-train-ppa-service/ubuntu/stable-phone-overlay vivid) archive

---------------
Format: 1.8
Date: Tue, 07 Feb 2017 21:47:08 -0600
Source: python2.7
Binary: python2.7 libpython2.7-stdlib python2.7-minimal libpython2.7-minimal libpython2.7 python2.7-examples python2.7-dev libpython2.7-dev libpython2.7-testsuite idle-python2.7 python2.7-doc python2.7-dbg libpython2.7-dbg
Architecture: source
Version: 2.7.9-2ubuntu3.1
Distribution: vivid-security
Urgency: medium
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@xxxxxxxxxxxxxxxx>
Changed-By: Emily Ratliff <emily.ratliff@xxxxxxxxxxxxx>
Description:
 idle-python2.7 - IDE for Python (v2.7) using Tkinter
 libpython2.7 - Shared Python runtime library (version 2.7)
 libpython2.7-dbg - Debug Build of the Python Interpreter (version 2.7)
 libpython2.7-dev - Header files and a static library for Python (v2.7)
 libpython2.7-minimal - Minimal subset of the Python language (version 2.7)
 libpython2.7-stdlib - Interactive high-level object-oriented language (standard library
 libpython2.7-testsuite - Testsuite for the Python standard library (v2.7)
 python2.7  - Interactive high-level object-oriented language (version 2.7)
 python2.7-dbg - Debug Build of the Python Interpreter (version 2.7)
 python2.7-dev - Header files and a static library for Python (v2.7)
 python2.7-doc - Documentation for the high-level object-oriented language Python
 python2.7-examples - Examples for the Python language (v2.7)
 python2.7-minimal - Minimal subset of the Python language (version 2.7)
Changes:
 python2.7 (2.7.9-2ubuntu3.1) vivid-security; urgency=medium
 .
   * SECURITY UPDATE: StartTLS stripping attack
     - debian/patches/CVE-2016-0772.patch: raise an error when
       STARTTLS fails in Lib/smtplib.py.
     - CVE-2016-0772
   * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
     scripts (aka HTTPOXY attack)
     - debian/patches/CVE-2016-1000110-pre.patch: prefer lower_case
       proxy environment variables over UPPER_CASE or Mixed_Case ones.
     - debian/patches/CVE-2016-1000110.patch: if running as CGI
       script, forget HTTP_PROXY in Lib/urllib.py, add test to
       Lib/test/test_urllib.py, add documentation.
     - CVE-2016-1000110
   * SECURITY UPDATE: Integer overflow when handling zipfiles
     - debian/patches/CVE-2016-5636-pre.patch: check for negative size
       in Modules/zipimport.c
     - debian/patches/CVE-2016-5636.patch: check for too large value in
       Modules/zipimport.c
     - CVE-2016-5636
Checksums-Sha1:
 f256998cacbc9066eb76d32d8d57efccf3fc211d 3336 python2.7_2.7.9-2ubuntu3.1.dsc
 63e4278b64774926ce8f4540ee78e6d7dd67933f 619187 python2.7_2.7.9-2ubuntu3.1.diff.gz
Checksums-Sha256:
 3850ef88060016359ec280cc89ecb3a770b31ede0f3720edcfd2661be4a1cbfa 3336 python2.7_2.7.9-2ubuntu3.1.dsc
 7d862a672d2b53b6a63b8c66fafdda7c07c56e18e9b077d95c6b8bef3197a525 619187 python2.7_2.7.9-2ubuntu3.1.diff.gz
Files:
 48bb490ae47763b871ad91366cb423e8 3336 python optional python2.7_2.7.9-2ubuntu3.1.dsc
 3b950be9a0833ae09a4981ccd6dc9e1e 619187 python optional python2.7_2.7.9-2ubuntu3.1.diff.gz
Original-Maintainer: Matthias Klose <doko@xxxxxxxxxx>