Format: 1.8
Date: Fri, 11 Sep 2020 10:56:35 +0100
Source: python-pip
Binary: python-pip python3-pip python-pip-whl
Architecture: source all
Version: 9.0.1-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 python-pip - Python package installer
 python-pip-whl - Python package installer
 python3-pip - Python package installer
Changes:
 python-pip (9.0.1-2+deb9u2) stretch-security; urgency=high
 .
   * CVE-2019-20916: Prevent a directory traversal attack that was possible
     when URLs were given in the install command. Arbitrary local files
     could be overridden as an HTTP Content-Disposition header did not
     filter ../ in filenames.
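The traversal described in the Changes entry, shown as an added example that is not part of the upload notice and is not pip's or Debian's code: a download path built from an unfiltered Content-Disposition filename, beside a filtered version. The function names, `DEFAULT_NAME`, the `/srv/dl` directory and the header value are assumptions constructed for illustration.

```python
import os
from email.message import Message

DEFAULT_NAME = "download"  # hypothetical fallback when no usable name is sent


def header_filename(content_disposition):
    """Return the filename parameter of a Content-Disposition value, or None."""
    msg = Message()
    msg["Content-Disposition"] = content_disposition
    return msg.get_filename()


def unfiltered_target(download_dir, content_disposition):
    """The flawed pattern: the server-chosen name is joined as-is."""
    name = header_filename(content_disposition) or DEFAULT_NAME
    return os.path.normpath(os.path.join(download_dir, name))


def filtered_target(download_dir, content_disposition):
    """Keep only the final path component, then confirm containment."""
    name = header_filename(content_disposition) or DEFAULT_NAME
    # Treat "\" like "/" so Windows-style names are reduced as well.
    name = os.path.basename(name.replace("\\", "/"))
    if name in ("", ".", ".."):
        name = DEFAULT_NAME
    root = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(root, name))
    # Defence in depth: also rejects a symlink that points outside root.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("download target escapes %r" % root)
    return target


if __name__ == "__main__":
    # Constructed header value, not taken from a real server.
    header = 'attachment; filename="../../outside/file.txt"'
    print("unfiltered:", unfiltered_target("/srv/dl", header))
    print("filtered:  ", filtered_target("/srv/dl", header))
```
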