ELA-47-1 python2.7 security update

fixes for command injection, REDOS vulnerabilities and uninitialized Expat's hash

Packagepython2.7
Version2.7.3-6+deb7u5
Related CVE CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647

CVE-2018-1000802 fix command injection in shutil module

CVE-2018-1060 and CVE-2018-1061 fix REDOS vulnerabilities in poplib and difflib modules

CVE-2018-14647 fix uninitialized Expat’s hash

For Debian 7 Wheezy, these problems have been fixed in version 2.7.3-6+deb7u5.

We recommend that you upgrade your python2.7 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/