Debian Package Tracker

python-pip

general
  • source: python-pip (main)
  • version: 22.1+dfsg-1
  • maintainer: Debian Python Team (DMD)
  • uploaders: Carl Chenet [DMD] – Scott Kitterman [DMD] – Stefano Rivera [DMD]
  • arch: all
  • std-ver: 4.6.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 9.0.1-2+deb9u1
  • o-o-sec: 9.0.1-2+deb9u2
  • oldstable: 18.1-5
  • stable: 20.3.4-4
  • testing: 22.1+dfsg-1
  • unstable: 22.1+dfsg-1
versioned links
  • 9.0.1-2+deb9u1: [.dsc] [changelog] [copyright] [rules] [control]
  • 9.0.1-2+deb9u2: [.dsc] [changelog] [copyright] [rules] [control]
  • 18.1-5: [.dsc] [changelog] [copyright] [rules] [control]
  • 20.3.4-4: [.dsc] [changelog] [copyright] [rules] [control]
  • 22.1+dfsg-1: [.dsc] [changelog] [copyright] [rules] [control]
binaries
  • python3-pip
  • python3-pip-whl
action needed
2 low-priority security issues in buster (severity: low)

There are 2 open security issues in buster.

2 issues left for the package maintainer to handle:
  • CVE-2021-3572: (needs triaging) A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
  • CVE-2019-20916: (needs triaging) The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2022-05-19 05:36
Standards version of the package is outdated. (severity: wishlist)
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).
Created: 2022-05-11 Last update: 2022-05-17 05:43
news
  • [2022-05-19] python-pip 22.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-05-16] Accepted python-pip 22.1+dfsg-1 (source) into unstable (Stefano Rivera)
  • [2022-03-16] Accepted python-pip 20.3.4-4+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Stefano Rivera)
  • [2022-02-05] python-pip 22.0.2+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-02-02] Accepted python-pip 22.0.2+dfsg-1 (source) into unstable (Stefano Rivera)
  • [2022-01-23] python-pip 21.3.1+dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2022-01-12] Accepted python-pip 21.3.1+dfsg-3 (source) into unstable (Stefano Rivera)
  • [2022-01-12] Accepted python-pip 21.3.1+dfsg-2 (all source) into unstable, unstable (Debian FTP Masters) (signed by: Stefano Rivera)
  • [2022-01-07] Accepted python-pip 21.3.1+dfsg-1 (source) into unstable (Stefano Rivera)
  • [2021-07-09] python-pip 20.3.4-4 MIGRATED to testing (Debian testing watch)
  • [2021-07-01] Accepted python-pip 20.3.4-4 (source) into unstable (Stefano Rivera)
  • [2021-06-28] Accepted python-pip 20.3.4-3 (source) into unstable (Stefano Rivera)
  • [2021-05-18] python-pip 20.3.4-2 MIGRATED to testing (Debian testing watch)
  • [2021-05-12] Accepted python-pip 20.3.4-2 (source) into unstable (Stefano Rivera)
  • [2021-03-12] python-pip 20.3.4-1 MIGRATED to testing (Debian testing watch)
  • [2021-03-02] Accepted python-pip 20.3.4-1 (source) into unstable (Stefano Rivera)
  • [2020-09-12] Accepted python-pip 9.0.1-2+deb9u2 (source all) into oldstable (Chris Lamb)
  • [2020-05-29] python-pip 20.1.1-2 MIGRATED to testing (Debian testing watch)
  • [2020-05-27] Accepted python-pip 20.1.1-2 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2020-05-23] python-pip 20.1.1-1 MIGRATED to testing (Debian testing watch)
  • [2020-05-21] Accepted python-pip 20.1.1-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2020-05-11] python-pip 20.1-2 MIGRATED to testing (Debian testing watch)
  • [2020-05-09] Accepted python-pip 20.1-2 (source) into unstable (Stefano Rivera)
  • [2020-05-08] python-pip 20.1-1 MIGRATED to testing (Debian testing watch)
  • [2020-05-03] Accepted python-pip 20.1-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2020-05-01] python-pip 20.0.2-5 MIGRATED to testing (Debian testing watch)
  • [2020-04-20] Accepted python-pip 20.0.2-5 (source) into unstable (Stefano Rivera)
  • [2020-04-08] python-pip 20.0.2-4 MIGRATED to testing (Debian testing watch)
  • [2020-04-03] Accepted python-pip 20.0.2-4 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
  • [2020-04-03] python-pip 20.0.2-3 MIGRATED to testing (Debian testing watch)
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian
  • buildd: logs, clang, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 22.0.2+dfsg-1
  • 16 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers