[ubuntu/bionic-security] python2.7 2.7.17-1~18.04ubuntu1.7 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Mon Mar 28 09:37:48 UTC 2022


python2.7 (2.7.17-1~18.04ubuntu1.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Expose sensitive information
    - debian/patches/CVE-2021-4189.patch: alters ftplib.FTP class
      behavior to not trust the IPv4 address sent from the remote
      server when setting up a passive data channel in
      resposne in Lib/ftplib.py, Lib/test/test_ftplib.py.
    - CVE-2021-4189
  * SECURITY UPDATE: Injection Attack
    - debian/patches/CVE-2022-0391.patch: sanitize urls in urlparse
      when it containing ASCII newline and tabs in
      Lib/test/test_urlparse.py,
      Lib/urlparse.py.
    - CVE-2022-0391

Date: 2022-03-18 16:02:09.858583+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.7
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list