In addition to CVE-2025-0938, trusty is also missing the patch for CVE-2024-11168 (which acts as a prerequisite for CVE-2025-0938). This will be added alongside the missing patch for CVE-2025-0938.
** CVE added: https://cve.org/CVERecord?id=CVE-2024-11168 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python2.7 in Ubuntu. https://bugs.launchpad.net/bugs/2125702 Title: Fixes for CVE-2023-27043 and CVE-2025-0938 not applied on bionic, xenial, and trusty Status in python2.7 package in Ubuntu: In Progress Status in python2.7 source package in Trusty: In Progress Status in python2.7 source package in Xenial: In Progress Status in python2.7 source package in Bionic: In Progress Bug description: On esm-infra/bionic and esm-infra/xenial, the patch that fixes CVE-2023-27043 for python2.7 was not added to the debian/patches/series.in file, so the fix is not applied. On esm-infra-legacy/trusty, the patch that fixes CVE-2025-0938 for python2.7 was not added to the debian/patches/series.in file, so the fix is not applied. The patch is also incomplete. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/2125702/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
