touch-packages team mailing list archive

Thread
Date

[Bug 1401322] Re: Upgrade to Python 2.7.9

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Date: Mon, 25 Jan 2016 15:57:25 -0000
Reply-to: Bug 1401322 <1401322@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The Ubuntu Security team has made the decision to not backport the fix
for CVE-2014-9365 to stable Ubuntu releases. The rationale can be found
in the Notes section of the corresponding Ubuntu CVE tracker entry:

  http://people.canonical.com/~ubuntu-
security/cve/2014/CVE-2014-9365.html

I think this bug can be closed since Ubuntu 15.04 and newer shipped
Python 2.7.9 or newer while Ubuntu 14.04 LTS and Ubuntu 12.04 LTS will
not be receiving the backported fix for CVE-2014-9365. We'll fix
individual applications that do not do proper certificate verification
in those two releases.

** Changed in: python-defaults (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-defaults in Ubuntu.
https://bugs.launchpad.net/bugs/1401322

Title:
  Upgrade to Python 2.7.9

Status in python-defaults package in Ubuntu:
  Fix Released

Bug description:
  Python 2.7.9 contains numerous security improvements for Python.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-defaults/+bug/1401322/+subscriptions

References

[Bug 1401322] [NEW] Upgrade to Python 2.7.9
From: Alex Gaynor, 2014-12-11