[Bug 1822993] Re: SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8

Launchpad Bug Tracker 1822993 at bugs.launchpad.net
Mon Apr 29 16:47:55 UTC 2019 

This bug was fixed in the package python2.7 - 2.7.16-2~18.10

---------------
python2.7 (2.7.16-2~18.10) cosmic-proposed; urgency=medium

  * SRU: LP: #1822993.

python2.7 (2.7.16-2) unstable; urgency=high

  [ Matthias Klose ]
  * CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
    normalize to separators. Closes: #924073.
  * CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema
    (file://).

  [ Dimitri John Ledkov ]
  * Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to
    1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one
    shouldn't mix and match python2.7 & libssl1.1. LP: #1808476

python2.7 (2.7.16-1) unstable; urgency=medium

  * Python 2.7.16 release.
    - Now has a version without a trailing '+'. Closes: #914072.

python2.7 (2.7.16~rc1-1) unstable; urgency=medium

  * Python 2.7.16 release candidate 1.

python2.7 (2.7.15-9) unstable; urgency=medium

  * Update to 20190216 from the 2.7 branch.
    - Backport of TLS 1.3 related fixes from 3.7.
  * Drop the local TLS 1.3 backports.

python2.7 (2.7.15-8) unstable; urgency=medium

  * Fix typo in autopkg test.

python2.7 (2.7.15-7) unstable; urgency=medium

  * Expect the test_site test failing as in 3.7.

python2.7 (2.7.15-6) unstable; urgency=medium

  * Update to 20190201 from the 2.7 branch.
    - CVE-2013-1752: Limit imaplib.IMAP4_SSL.readline().
    - CVE-2018-14647: _elementtree.c doesn't call XML_SetHashSalt().
      Closes: #921039.
    - CVE-2019-5010: DsO vulnerability exists in the X509 certificate parser.
      Closes: #921040.
  * Bump standards version.
  * Update symbols file.

python2.7 (2.7.15-5) unstable; urgency=medium

  * Update to 20181127 from the 2.7 branch.
    - Fix issue #20744, running an external 'zip' in shutil.make_archive().
      CVE-2018-1000802. Closes: #909673.
  * Cherrypick in-progress backports to 2.7 branch from 3.6 branch to fix
    test_ssl assertions with openssl 1.1.1. Resolves autopkgtest failure
    of the 2.7 with openssl 1.1.1 (Dimitri John Ledkov).
  * Don't hard code location of netinet/in.h. Closes: #912422.
  * Update VCS attributes.

 -- Matthias Klose <doko at ubuntu.com>  Tue, 09 Apr 2019 06:50:39 +0200

** Changed in: python3-stdlib-extensions (Ubuntu Cosmic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1822993

Title:
  SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8

Status in python-stdlib-extensions package in Ubuntu:
  Fix Released
Status in python2.7 package in Ubuntu:
  Fix Released
Status in python3-stdlib-extensions package in Ubuntu:
  Fix Released
Status in python3.7 package in Ubuntu:
  Fix Released
Status in python-stdlib-extensions source package in Bionic:
  Fix Committed
Status in python3-stdlib-extensions source package in Bionic:
  Fix Committed
Status in python-stdlib-extensions source package in Cosmic:
  Fix Committed
Status in python2.7 source package in Cosmic:
  Fix Released
Status in python3-stdlib-extensions source package in Cosmic:
  Fix Released
Status in python3.6 source package in Cosmic:
  Fix Released
Status in python3.7 source package in Cosmic:
  Fix Released

Bug description:
  SRU: update Python 3.7 to the 3.7.3 release, update Python 3.6 to the
  3.6.8 release.

  python3-stdlib-extensions also updates the modules to the 3.6.8
  release for Python 3.6.

  Acceptance Criteria: The package builds, and the test suite doesn't
  show regressions. The test suite passes in the autopkg tests.  The new
  packages don't cause regressions in a test rebuild of the main
  component.

  http://people.canonical.com/~doko/ftbfs-report/test-rebuild-20190404-cosmic.html
  http://people.canonical.com/~doko/ftbfs-report/test-rebuild-20190404-gcc8-cosmic.html

  The test rebuilds are finished, and don't show any regressions for the
  main component.

  Regression Potential: Python 3.7 isn't used by default, so we don't have many default users.
  Regression Potential: Python 3.6 could see some regressions, although we are trying to minimize the risk by doing the test rebuild.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-stdlib-extensions/+bug/1822993/+subscriptions

More information about the foundations-bugs mailing list