Information on source package python2.7

Available versions

| Release | Version |
|---|---|
| jessie | 2.7.9-2-ds1-1+deb8u12 |
| stretch | 2.7.13-2+deb9u9 |
| stretch (security) | 2.7.13-2+deb9u6 |
| buster | 2.7.16-2+deb10u1 |
| buster (security) | 2.7.16-2+deb10u4 |
| bullseye | 2.7.18-8+deb11u1 |

Open issues

| Bug | jessie | stretch | buster | bullseye | Description |
|---|---|---|---|---|---|
| CVE-2024-0450 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | An issue was found in the CPython `zipfile` module affecting versions ... |
| CVE-2023-27043 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, ignored) | The email module of Python through 3.11.3 incorrectly parses e-mail ad ... |
| CVE-2022-45061 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | An issue was discovered in Python before 3.11.1. An unnecessary quadra ... |
| CVE-2021-4189 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | A flaw was found in Python, specifically in the FTP (File Transfer Pro ... |
| CVE-2021-3737 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | A flaw was found in python. An improperly handled HTTP response in the ... |
| CVE-2021-3733 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ... |
| CVE-2020-26116 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ... |
| CVE-2020-10735 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | A flaw was found in python. In algorithms with quadratic time complexi ... |
| CVE-2015-20107 | fixed | fixed | fixed | vulnerable (no DSA, ignored) | In Python (aka CPython) up to 3.10.8, the mailcap module does not add ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | Description |
|---|---|---|---|---|---|
| CVE-2021-28861 | vulnerable | vulnerable | vulnerable | vulnerable | Python 3.x through 3.10 has an open redirection vulnerability in lib/h ... |
| CVE-2020-27619 | vulnerable | vulnerable | vulnerable | vulnerable | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK ... |
| CVE-2019-18348 | vulnerable | vulnerable | vulnerable | fixed | An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ... |
| CVE-2019-9674 | vulnerable | vulnerable | vulnerable | vulnerable | Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ... |
| CVE-2018-1000030 | vulnerable | vulnerable | fixed | fixed | Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Hea ... |
| CVE-2017-17522 | vulnerable | vulnerable | vulnerable | vulnerable | Lib/webbrowser.py in Python through 3.6.3 does not validate strings be ... |
| CVE-2016-1000110 | vulnerable | fixed | fixed | fixed | The CGIHandler class in Python before 2.7.12 does not protect against ... |
| CVE-2013-7040 | vulnerable | vulnerable | vulnerable | vulnerable | Python 2.7 before 3.4 only uses the last eight bits of the prefix to r ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2023-41105 | An issue was discovered in Python 3.11 through 3.11.4. If a path conta ... |
| CVE-2023-40217 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ... |
| CVE-2023-38898 | An issue in Python cpython v.3.7 allows an attacker to obtain sensitiv ... |
| CVE-2023-33595 | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-fre ... |
| CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows ... |
| CVE-2023-6597 | An issue was found in the CPython `tempfile.TemporaryDirectory` class ... |
| CVE-2023-6507 | An issue was found in CPython 3.12.0 `subprocess` module on POSIX plat ... |
| CVE-2022-48566 | An issue was discovered in compare_digest in Lib/hmac.py in Python thr ... |
| CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3. ... |
| CVE-2022-48564 | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a po ... |
| CVE-2022-48560 | A use-after-free exists in Python through 3.9 via heappushpop in heapq ... |
| CVE-2022-42919 | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows lo ... |
| CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ... |
| CVE-2022-26488 | In Python before 3.10.3 on Windows, local users can gain privileges be ... |
| CVE-2022-0391 | A flaw was found in Python, specifically within the urllib.parse modul ... |
| CVE-2021-29921 | In Python before 3,9,5, the ipaddress library mishandles leading zero ... |
| CVE-2021-23336 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ... |
| CVE-2021-3426 | There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ... |
| CVE-2021-3177 | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ... |
| CVE-2020-15801 | In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ... |
| CVE-2020-15523 | In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, ... |
| CVE-2020-14422 | Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ... |
| CVE-2020-8492 | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ... |
| CVE-2020-8315 | In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ... |
| CVE-2019-20907 | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ... |
| CVE-2019-16935 | The documentation XML-RPC server in Python through 2.7.16, 3.x through ... |
| CVE-2019-16056 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ... |
| CVE-2019-10160 | A security regression of CVE-2019-9636 was discovered in python since ... |
| CVE-2019-9948 | urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ... |
| CVE-2019-9947 | An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ... |
| CVE-2019-9740 | An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ... |
| CVE-2019-9636 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Impr ... |
| CVE-2019-5010 | An exploitable denial-of-service vulnerability exists in the X509 cert ... |
| CVE-2018-1000802 | Python Software Foundation Python (CPython) version 2.7 contains a CWE ... |
| CVE-2018-1000117 | Python Software Foundation CPython version From 3.2 until 3.6.4 on Win ... |
| CVE-2018-20852 | http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ... |
| CVE-2018-20406 | Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ... |
| CVE-2018-14647 | Python's elementtree C accelerator failed to initialise Expat's hash s ... |
| CVE-2018-1061 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ... |
| CVE-2018-1060 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ... |
| CVE-2017-1000158 | CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ... |
| CVE-2016-5699 | CRLF injection vulnerability in the HTTPConnection.putheader function ... |
| CVE-2016-5636 | Integer overflow in the get_data function in zipimport.c in CPython (a ... |
| CVE-2016-0772 | The smtplib library in CPython (aka Python) before 2.7.12, 3.x before ... |
| CVE-2014-9365 | The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) ... |
| CVE-2014-7185 | Integer overflow in bufferobject.c in Python before 2.7.8 allows conte ... |
| CVE-2014-4650 | The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly h ... |
| CVE-2014-4616 | Array index error in the scanstring function in the _json module in Py ... |
| CVE-2014-2667 | Race condition in the _get_masked_mode function in Lib/os.py in Python ... |
| CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socket ... |
| CVE-2013-7440 | The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ... |
| CVE-2013-7338 | Python before 3.3.4 RC1 allows remote attackers to cause a denial of s ... |
| CVE-2013-4238 | The ssl.match_hostname function in the SSL module in Python 2.6 throug ... |
| CVE-2013-2099 | Algorithmic complexity vulnerability in the ssl.match_hostname functio ... |
| CVE-2013-1753 | The gzip_decode function in the xmlrpc client library in Python 3.4 an ... |
| CVE-2012-1150 | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x b ... |
| CVE-2012-0845 | SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2. ... |
| CVE-2011-4944 | Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissio ... |
| CVE-2011-4940 | The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPSe ... |
| CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windo ... |
| CVE-2011-1521 | The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x befo ... |
| CVE-2010-3492 | The asyncore module in Python before 3.2 does not properly handle unsu ... |
| CVE-2010-2089 | The audioop module in Python 2.7 and 3.2 does not verify the relations ... |
| CVE-2010-1634 | Multiple integer overflows in audioop.c in the audioop module in Pytho ... |
| CVE-2010-1450 | Multiple buffer overflows in the RLE decoder in the rgbimg module in P ... |
| CVE-2010-1449 | Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 ... |
| CVE-2009-4134 | Buffer underflow in the rgbimg module in Python 2.5 allows remote atta ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-3771-1 | python2.7 - security update |
| ELA-1065-1 | python2.7 - security update |
| DLA-3575-1 | python2.7 - security update |
| ELA-950-1 | python2.7 - security update |
| ELA-853-1 | python2.7 - security update |
| DLA-3432-1 | python2.7 - security update |
| ELA-598-1 | python2.7 - security update |
| DLA-2919-1 | python2.7 - security update |
| ELA-435-1 | python2.7 - security update |
| DLA-2628-1 | python2.7 - security update |
| DLA-2337-1 | python2.7 - security update |
| ELA-265-1 | python2.7 - security update |
| DLA-1925-1 | python2.7 - security update |
| ELA-164-1 | python2.7 - security update |
| DLA-1906-1 | python2.7 - security update |
| ELA-158-1 | python2.7 - security update |
| DLA-1834-1 | python2.7 - security update |
| ELA-134-1 | python2.7 - security update |
| ELA-47-1 | python2.7 - security update |
| DSA-4306-1 | python2.7 - security update |
| DLA-1519-1 | python2.7 - security update |
| DLA-1189-1 | python2.7 - security update |
| DLA-522-1 | python2.7 - security update |
| DSA-2880-1 | python2.7 - security update |
