** Changed in: python2.7 (Ubuntu)
Assignee: Hlib Korzhynskyy (hlibk) => (unassigned)
** Changed in: python2.7 (Ubuntu)
Status: In Progress => Confirmed
** Changed in: python2.7 (Ubuntu Xenial)
Status: In Progress => Fix Committed
** Changed in: python2.7 (Ubuntu Bionic)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/2125702
Title:
Fixes for CVE-2023-27043, CVE-2025-0938, CVE-2024-11168 not applied on
bionic, xenial, and trusty
Status in python2.7 package in Ubuntu:
Confirmed
Status in python2.7 source package in Trusty:
Fix Committed
Status in python2.7 source package in Xenial:
Fix Committed
Status in python2.7 source package in Bionic:
Fix Committed
Bug description:
On esm-infra/bionic and esm-infra/xenial, the patch that fixes
CVE-2023-27043 for python2.7 was not added to the
debian/patches/series.in file, so the fix is not applied.
On esm-infra-legacy/trusty, the patches that fix CVE-2024-11168 and
CVE-2025-0938 for python2.7 were not added to the
debian/patches/series.in file, so the fix is not applied. The
CVE-2024-11168 patch is also missing from the debian/patches
directory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/2125702/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
