This bug was fixed in the package python2.7 - 2.7.17-1~18.04
---------------
python2.7 (2.7.17-1~18.04) bionic-proposed; urgency=medium
* SRU: LP: #1855133.
* Backport Python 2.7.17 to 18.04 LTS.
* Don't run the test_ttk_guionly test, hangs on the buildds.
python2.7 (2.7.17-1) unstable; urgency=medium
* Python 2.7.17 release.
python2.7 (2.7.17~rc1-1) unstable; urgency=medium
* Python 2.7.17 release candidate 1.
- CVE-2019-16056, don't parse domains containing @. Closes: #940901.
* Bump standards version.
python2.7 (2.7.16-4) unstable; urgency=medium
* Update to 20190904 from the 2.7 branch.
* Refresh patches.
* Drop build dependency on python:any. Addresses: #937569.
* Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514.
python2.7 (2.7.16-3) unstable; urgency=medium
* Update to 20190708 from the 2.7 branch.
* Bump standards version.
python2.7 (2.7.16-2) unstable; urgency=high
[ Matthias Klose ]
* CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
normalize to separators. Closes: #924073.
* CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema
(file://).
[ Dimitri John Ledkov ]
* Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to
1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one
shouldn't mix and match python2.7 & libssl1.1. LP: #1808476
python2.7 (2.7.16-1) unstable; urgency=medium
* Python 2.7.16 release.
- Now has a version without a trailing '+'. Closes: #914072.
python2.7 (2.7.16~rc1-1) unstable; urgency=medium
* Python 2.7.16 release candidate 1.
python2.7 (2.7.15-9) unstable; urgency=medium
* Update to 20190216 from the 2.7 branch.
- Backport of TLS 1.3 related fixes from 3.7.
* Drop the local TLS 1.3 backports.
python2.7 (2.7.15-8) unstable; urgency=medium
* Fix typo in autopkg test.
python2.7 (2.7.15-7) unstable; urgency=medium
* Expect the test_site test failing as in 3.7.
python2.7 (2.7.15-6) unstable; urgency=medium
* Update to 20190201 from the 2.7 branch.
- CVE-2013-1752: Limit imaplib.IMAP4_SSL.readline().
- CVE-2018-14647: _elementtree.c doesn't call XML_SetHashSalt().
Closes: #921039.
- CVE-2019-5010: DsO vulnerability exists in the X509 certificate parser.
Closes: #921040.
* Bump standards version.
* Update symbols file.
python2.7 (2.7.15-5) unstable; urgency=medium
* Update to 20181127 from the 2.7 branch.
- Fix issue #20744, running an external 'zip' in shutil.make_archive().
CVE-2018-1000802. Closes: #909673.
* Cherrypick in-progress backports to 2.7 branch from 3.6 branch to fix
test_ssl assertions with openssl 1.1.1. Resolves autopkgtest failure
of the 2.7 with openssl 1.1.1 (Dimitri John Ledkov).
* Don't hard code location of netinet/in.h. Closes: #912422.
* Update VCS attributes.
-- Matthias Klose <d...@ubuntu.com> Thu, 07 Nov 2019 11:07:09 +0100
** Changed in: python2.7 (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1752
** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2018-1000802
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14647
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16056
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5010
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9636
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9948
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1855133
Title:
SRU: update python2.7 to the 2.7.17 release
Status in python-stdlib-extensions package in Ubuntu:
Fix Released
Status in python2.7 package in Ubuntu:
Fix Released
Status in python-stdlib-extensions source package in Bionic:
Fix Committed
Status in python2.7 source package in Bionic:
Fix Released
Status in python-stdlib-extensions source package in Eoan:
Fix Committed
Status in python2.7 source package in Eoan:
Fix Released
Bug description:
This is a proposal to backport the Python 2.7.17 release to bionic.
- python2.7
- python-stdlib-extensions
- python-defaults is not required, but could be used to
trigger autopkg tests in the -proposed pocket.
The package builds are prepared in
https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/ppa/+packages
[Impact]
Provide an upstream release for Python 2.7.
[Regression Potential]
There is regression potential, however with a test rebuild of the main
portion of the archive no regressions were found.
[Test Case]
No regressions in the Python test suite, and no regressions in the test
rebuild of the main component of the archive (all architectures)
As a test, an archive rebuild for main was performed, and no
regressions were found with this new package. The archive rebuild also
contained updated versions of gcc-7, gcc-8, python-stdlib-extensions
and python2.7. The GCC and Python packages should not infer with each
other.
[Validation]
Analyze the build logs for regressions.
The OpenStack packaging team is checking OpenStack against the built packages
in -proposed.
Summary of the test rebuilds:
https://people.canonical.com/~doko/ftbfs-report/test-rebuild-20191107-bionic-bionic.html
https://people.canonical.com/~doko/ftbfs-report/test-rebuild-20191107-bionic-gcc7-bionic.html
The first one is a reference build, the second one the test rebuild
with the updated components.
There are no additional regressions except for one Python test, which
sometimes hangs on the buildds, sometimes passes (test_ttk_guionly). Will
be disabled in a follow-up upload.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-stdlib-extensions/+bug/1855133/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
