Bug#829135: jessie-pu: package python2.7/2.7.9-2+deb8u1
On Tue, Jul 12, 2016 at 09:55:23PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Thu, 2016-06-30 at 22:17 +0200, Moritz Muehlenhoff wrote:
> > +python2.7 (2.7.9-2+deb8u1) jessie; urgency=medium
> > +
> > + * Backport upstream commit b3ce713fb9beebfff9848cefa0acbd59acc68fe9
> > + to address StartTLS stripping attack in smtplib (CVE-2016-0772)
> > + * Backport upstream commit 985fc64c60d6adffd1138b6cc46df388ca91ca5d
> > + to address integer overflow in zipimporter (CVE-2016-5636)
> > + * Backport upstream commit 1c45047c51020d46246385949d5c02e026d47320
> > + to address HTTP header injection (CVE-2016-5699)
>
> Please go ahead.
Uploaded.
Cheers,
Moritz
Reply to: