Debian Package Tracker

python2.7

general
  • source: python2.7 (main)
  • version: 2.7.18-8+deb11u1
  • maintainer: Matthias Klose (DMD)
  • arch: all any
  • std-ver: 4.5.0
  • VCS: Git (Browse)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2.7.16-2+deb10u1
  • o-o-sec: 2.7.16-2+deb10u3
  • oldstable: 2.7.18-8+deb11u1
versioned links
  • 2.7.16-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.7.16-2+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.7.18-8+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • idle-python2.7
  • libpython2.7
  • libpython2.7-dbg
  • libpython2.7-dev
  • libpython2.7-minimal
  • libpython2.7-stdlib
  • libpython2.7-testsuite
  • python2.7
  • python2.7-dbg
  • python2.7-dev
  • python2.7-doc
  • python2.7-examples
  • python2.7-minimal
package is gone
This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.
action needed
Debci reports failed tests [high]
  • unstable: pass (log)
    The tests ran in 0:22:38
    Last run: 2022-12-05T01:43:39.000Z
    Previous status: pass

  • testing: pass (log)
    The tests ran in 0:23:23
    Last run: 2022-11-12T14:06:54.000Z
    Previous status: pass

  • stable: fail (log)
    The tests ran in 0:19:54
    Last run: 2023-06-09T08:45:26.000Z
    Previous status: fail

Created: 2022-03-31 Last update: 2023-10-08 02:25
1 security issue in sid [high]

There is 1 open security issue in sid.

1 important issue:
  • CVE-2015-20107: In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
Created: 2022-07-04 Last update: 2022-12-08 23:47
1 security issue in bookworm [high]

There is 1 open security issue in bookworm.

1 important issue:
  • CVE-2015-20107: In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
Created: 2022-07-04 Last update: 2022-11-23 05:34
No known security issue in bullseye [wishlist]

There are 8 open security issues in bullseye.

8 ignored issues:
  • CVE-2021-3733: There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
  • CVE-2021-3737: A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
  • CVE-2021-4189: A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
  • CVE-2015-20107: In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
  • CVE-2020-10735: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
  • CVE-2020-26116: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
  • CVE-2022-45061: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
  • CVE-2023-27043: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Created: 2022-07-04 Last update: 2023-10-07 13:36
news
  • [2023-09-25] Accepted python2.7 2.7.18-8+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Helmut Grohne)
  • [2023-09-20] Accepted python2.7 2.7.16-2+deb10u3 (source) into oldoldstable (Helmut Grohne)
  • [2023-05-24] Accepted python2.7 2.7.16-2+deb10u2 (source) into oldstable (Sylvain Beucler)
  • [2022-12-27] Removed 2.7.18-13.2 from unstable (Debian FTP Masters)
  • [2022-12-09] python2.7 REMOVED from testing (Debian testing watch)
  • [2022-08-03] python2.7 2.7.18-13.2 MIGRATED to testing (Debian testing watch)
  • [2022-08-01] Accepted python2.7 2.7.18-13.2 (source) into unstable (Unit 193)
  • [2022-04-03] python2.7 2.7.18-13.1 MIGRATED to testing (Debian testing watch)
  • [2022-03-31] Accepted python2.7 2.7.18-13.1 (source) into unstable (Anton Gladky)
  • [2022-03-31] Accepted python2.7 2.7.18-13.1~exp1 (source) into experimental (Anton Gladky)
  • [2022-02-24] python2.7 2.7.18-13 MIGRATED to testing (Debian testing watch)
  • [2022-02-22] Accepted python2.7 2.7.18-13 (source) into unstable (Matthias Klose)
  • [2022-02-12] Accepted python2.7 2.7.13-2+deb9u6 (source) into oldoldstable (Anton Gladky)
  • [2022-01-29] python2.7 2.7.18-12 MIGRATED to testing (Debian testing watch)
  • [2022-01-23] Accepted python2.7 2.7.18-12 (source) into unstable (Matthias Klose)
  • [2022-01-21] Accepted python2.7 2.7.18-11 (source) into unstable (Matthias Klose)
  • [2022-01-21] Accepted python2.7 2.7.18-10 (source) into unstable (Matthias Klose)
  • [2021-09-29] python2.7 2.7.18-9 MIGRATED to testing (Debian testing watch)
  • [2021-09-24] Accepted python2.7 2.7.18-9 (source) into unstable (Matthias Klose)
  • [2021-07-19] python2.7 2.7.18-8 MIGRATED to testing (Debian testing watch)
  • [2021-07-14] Accepted python2.7 2.7.18-8 (source) into unstable (Matthias Klose)
  • [2021-05-06] python2.7 2.7.18-7 MIGRATED to testing (Debian testing watch)
  • [2021-04-28] Accepted python2.7 2.7.18-7 (source) into unstable (Matthias Klose)
  • [2021-04-17] Accepted python2.7 2.7.13-2+deb9u5 (source) into oldstable (Anton Gladky)
  • [2021-03-15] python2.7 2.7.18-6 MIGRATED to testing (Debian testing watch)
  • [2021-03-09] Accepted python2.7 2.7.18-6 (source) into unstable (Matthias Klose)
  • [2021-03-09] python2.7 2.7.18-5 MIGRATED to testing (Debian testing watch)
  • [2021-02-27] Accepted python2.7 2.7.18-5 (source) into unstable (Matthias Klose)
  • [2021-02-26] Accepted python2.7 2.7.18-4 (source) into unstable (Matthias Klose)
  • [2021-02-26] Accepted python2.7 2.7.18-3 (source) into unstable (Matthias Klose)
bugs [bug history graph]
  • all: 0
links
  • buildd: logs, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • screenshots
  • debci
