Release | Version |
---|---|
jessie | 1.5.6-5+deb8u2 |
stretch | 9.0.1-2+deb9u2 |
buster | 18.1-5 |
bullseye | 20.3.4-4+deb11u1 |
bookworm | 23.0.1+dfsg-1 |
trixie | 24.3.1+dfsg-1 |
sid | 24.3.1+dfsg-1 |

Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2023-5752 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | When installing a package from a Mercurial VCS URL (ie "pip install ... |
CVE-2021-3572 | fixed | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | A flaw was found in python-pip in the way it handled Unicode separator ... |
CVE-2019-20916 | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | fixed | The pip package before 19.2 for Python allows Directory Traversal when ... |

Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2018-20225 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An issue was discovered in pip (all versions) because it installs the ... |

Bug | Description |
---|---|
CVE-2014-8991 | pip 1.3 through 1.5.6 allows local users to cause a denial of service ... |
CVE-2013-5123 | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 use ... |
CVE-2013-1888 | pip before 1.3 allows local users to overwrite arbitrary files via a s ... |
CVE-2013-1629 | pip before 1.3 uses HTTP to retrieve packages from the PyPI repository ... |

DSA / DLA | Description |
---|---|
ELA-452-1 | python-pip - security update |
DLA-2370-1 | python-pip - security update |
ELA-281-1 | python-pip - security update |