[Bug 1264554] Re: python3.4 autopkg test failures

Launchpad Bug Tracker 1264554 at bugs.launchpad.net
Tue Nov 22 18:35:49 UTC 2016 

This bug was fixed in the package python3.4 - 3.4.3-1ubuntu1~14.04.5

---------------
python3.4 (3.4.3-1ubuntu1~14.04.5) trusty-security; urgency=medium

  * SECURITY UPDATE: StartTLS stripping attack
    - debian/patches/CVE-2016-0772.patch: raise an error when
      STARTTLS fails in Lib/smtplib.py.
    - CVE-2016-0772
  * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
    scripts (aka HTTPOXY attack)
    - debian/patches/CVE-2016-1000110.patch: if running as CGI
      script, forget HTTP_PROXY in Lib/urllib.py, add test to
      Lib/test/test_urllib.py, add documentation.
    - CVE-2016-1000110
  * SECURITY UPDATE: Integer overflow when handling zipfiles
    - debian/patches/CVE-2016-5636-pre.patch: check for negative size in
      Modules/zipimport.c
    - debian/patches/CVE-2016-5636.patch: check for too large value in
      Modules/zipimport.c
    - CVE-2016-5636
  * SECURITY UPDATE: CRLF injection vulnerability in the
    HTTPConnection.putheader
    - debian/patches/CVE-2016-5699.patch: disallow newlines in
      putheader() arguments when not followed by spaces or tabs in
      Lib/httplib.py, add tests in Lib/test/test_httplib.py
    - CVE-2016-5699

 -- Steve Beattie <sbeattie at ubuntu.com>  Wed, 16 Nov 2016 12:38:40 -0800

** Changed in: python3.4 (Ubuntu Trusty)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-0772

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-1000110

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5636

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5699

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.3 in Ubuntu.
https://bugs.launchpad.net/bugs/1264554

Title:
  python3.4 autopkg test failures

Status in python3.3 package in Ubuntu:
  Won't Fix
Status in python3.4 package in Ubuntu:
  Fix Released
Status in python3.4 source package in Trusty:
  Fix Released

Bug description:
  see
  https://jenkins.qa.ubuntu.com/view/Trusty/view/AutoPkgTest/job/trusty-adt-python3.4/24/

  disabled these in the autopkg tests for now. need some investigation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.3/+bug/1264554/+subscriptions

More information about the foundations-bugs mailing list