Thanks for the update, as per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983531#25 I see the fix is available in 10.10. Do we have any rough estimated timelines on the release date for 10.10?
On Fri, Apr 23, 2021 at 9:30 AM Debian Bug Tracking System < ow...@bugs.debian.org> wrote: > This is an automatic notification regarding your Bug report > which was filed against the python package: > > #986492: Python Vulnerability in Debian 10 Buster > > It has been closed by Salvatore Bonaccorso <car...@debian.org>. > > Their explanation is attached below along with your original report. > If this explanation is unsatisfactory and you have not received a > better one in a separate message then please contact Salvatore Bonaccorso < > car...@debian.org> by > replying to this email. > > > -- > 986492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986492 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > > > > ---------- Forwarded message ---------- > From: Salvatore Bonaccorso <car...@debian.org> > To: Jai Bheemsen Rao Dhanwada <jaibheem...@gmail.com>, > 986492-d...@bugs.debian.org, j...@debian.org > Cc: > Bcc: > Date: Fri, 23 Apr 2021 18:27:26 +0200 > Subject: Re: Bug#986492: Python Vulnerability in Debian 10 Buster > Hi, > > On Tue, Apr 06, 2021 at 03:35:22PM -0700, Jai Bheemsen Rao Dhanwada wrote: > > Package: Python > > Version: 2.7.16 > > > > CVE-2021-3177 is reported on Python which has a fix available in 2.7.18 > > version in bullseye, sid. Can this be addressed in the buster version, so > > the people like me dependent on Python2.x can make use of the > Python-2.17.18 > > Ref: https://security-tracker.debian.org/tracker/CVE-2021-3177 > > > > The latest version of buster only has 2.7.16 and no > > Please see https://bugs.debian.org/983531 > > Regards, > Salvatore > > > ---------- Forwarded message ---------- > From: Jai Bheemsen Rao Dhanwada <jaibheem...@gmail.com> > To: sub...@bugs.debian.org > Cc: > Bcc: > Date: Tue, 6 Apr 2021 15:35:22 -0700 > Subject: Python Vulnerability in Debian 10 Buster > Package: Python > Version: 2.7.16 > > CVE-2021-3177 is reported on Python which has a fix available in 2.7.18 > version in bullseye, sid. Can this be addressed in the buster version, so > the people like me dependent on Python2.x can make use of the Python-2.17.18 > Ref: https://security-tracker.debian.org/tracker/CVE-2021-3177 > > The latest version of buster only has 2.7.16 and no > > # python -V >> Python 2.7.16 >> # cat /etc/*release* >> PRETTY_NAME="Debian GNU/Linux 10 (buster)" >> NAME="Debian GNU/Linux" >> VERSION_ID="10" >> VERSION="10 (buster)" >> VERSION_CODENAME=buster >> ID=debian >> HOME_URL="https://www.debian.org/"; >> SUPPORT_URL="https://www.debian.org/support"; >> BUG_REPORT_URL="https://bugs.debian.org/"; > > > # apt-cache policy python >> python: >> Installed: 2.7.16-1 >> Candidate: 2.7.16-1 >> Version table: >> *** 2.7.16-1 500 >> 500 http://deb.debian.org/debian buster/main amd64 Packages >> 100 /var/lib/dpkg/status >> # > >
