Accepted python-pip 9.0.1-2+deb9u2 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 11 Sep 2020 10:56:35 +0100
Source: python-pip
Binary: python-pip python3-pip python-pip-whl
Architecture: source all
Version: 9.0.1-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
python-pip - Python package installer
python-pip-whl - Python package installer
python3-pip - Python package installer
Changes:
python-pip (9.0.1-2+deb9u2) stretch-security; urgency=high
.
* CVE-2019-20916: Prevent a directory traversal attack that was possible when
URLs were given in the install command. Arbitrary local files could be
overriden as a HTTP Content-Disposition header did not filter ../ in
filenames.
Checksums-Sha1:
c34dac701c8ce5f4422424d84ddfa891173f47e4 2732 python-pip_9.0.1-2+deb9u2.dsc
57ff41e99cb01b6a1c2b0999161589b726f0ec8b 1197370 python-pip_9.0.1.orig.tar.gz
966642eaecea462d7092973f7cd05fa6929ae89b 19204 python-pip_9.0.1-2+deb9u2.debian.tar.xz
fa863b821ae7d408a5fe99520e9e3c34b6311cf8 1399320 python-pip-whl_9.0.1-2+deb9u2_all.deb
134f4b453243303f319dd54faf2b595334020970 179442 python-pip_9.0.1-2+deb9u2_all.deb
8e9c2a89e7bdee33e98ec12fd807bd8e88b1498e 8304 python-pip_9.0.1-2+deb9u2_amd64.buildinfo
55ea4b323937cacd78afb697789cc262da6f0349 142736 python3-pip_9.0.1-2+deb9u2_all.deb
Checksums-Sha256:
6a7175c5b145723afb90991e4acd70fdfc1979731e0d81ba1d1f8b462b99fc83 2732 python-pip_9.0.1-2+deb9u2.dsc
09f243e1a7b461f654c26a725fa373211bb7ff17a9300058b205c61658ca940d 1197370 python-pip_9.0.1.orig.tar.gz
91cf069580d1649406b369ef4b1be596231169a8aa5a7ec863571331b17d01eb 19204 python-pip_9.0.1-2+deb9u2.debian.tar.xz
c28ff85b2b3162f1c702220c5c535851ff78fe8c70b9c2468e551081e78d9f0b 1399320 python-pip-whl_9.0.1-2+deb9u2_all.deb
f87a6ece3d6d540928d1da5da585c3d4dec89f0c5410a5956e4bb1952b1cda7c 179442 python-pip_9.0.1-2+deb9u2_all.deb
3481b38047cff3d9693cabc5da1808b3644f8385f8dd7a147154b0a705491ed8 8304 python-pip_9.0.1-2+deb9u2_amd64.buildinfo
364ff1cd7f7b19799ad4c523bdc3d32c69e345af3fe2e3456713d89fe6ad8b14 142736 python3-pip_9.0.1-2+deb9u2_all.deb
Files:
983ff89a56ff44bc6ecba498f072a0e6 2732 python optional python-pip_9.0.1-2+deb9u2.dsc
35f01da33009719497f01a4ba69d63c9 1197370 python optional python-pip_9.0.1.orig.tar.gz
d9cdec352612fcd912e5c3061d4d05f4 19204 python optional python-pip_9.0.1-2+deb9u2.debian.tar.xz
edd7b4eabf5b4b4e0158c5d45139a224 1399320 python optional python-pip-whl_9.0.1-2+deb9u2_all.deb
75f230cc952698e09890bbd1aaedc0f7 179442 python optional python-pip_9.0.1-2+deb9u2_all.deb
b72033b4d7dca435639dde684cf519a2 8304 python optional python-pip_9.0.1-2+deb9u2_amd64.buildinfo
5b2621a8d7544413f3622a03b818ab67 142736 python optional python3-pip_9.0.1-2+deb9u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl9bTkgACgkQHpU+J9Qx
Hlg/8w/+MlCHOiqncySt+HQLSqG/CTQ5UJheKqxgdPNP3PcGv4Mxt//zKQ6+c4zY
LvZvMxS5obQf8XKj1tA/YE7M6/QfGchBMDQzM2Ku7ts0LhHO8tNIj/DQhNWBo7/n
FM8K3WdUWX16eHpTc6AG7L1wqUDzCnLNumST9n+pBI771YyC3Fl6bxXeSOKxLjj1
CWDa1juMQ6poySaqCj9Sw++E5X8zj+nhyz7RDPmQznDWs0znPLJTfa1eG9LCI3kw
R4pu/YMLXi+YXqUGR4V8AW/SZStbsR5cVAozArLgeUWcEzBy2r5aSDetpabtXNp+
E6yJfFhJ0AGYlfomqo7CazDNjeZXcTkoCqCRNqktBoziz6matHojqvAGX5GgbBDt
yWb21t/A2S1/lvhcdDmKLBH83S9VJ5a1nr+rq2CbbYXzeERQh9yLqyatwLSSbfyZ
nPpWe7pJ8qmAnkdty1Rr1pDRGwrgXJnd//EMAe5cWKOaxehiyg9bQHVrdeg8bT+g
lBJuasG7RDPZ28kD9vgWT3Da2gTzuBL6HoVrHexLlbJUcKJRD8lwS5P+AvprLHpz
N8PttOldCZETdMKieULZrVB9kZeTNyG8WVMgVYiqhwGQrFMit9DvGuzLNM5BQcIY
owQftFYdBC7Dw3myWYT85XKELNKviEfYTNhCyIgk7/BSCH+rD4U=
=ZuP9
-----END PGP SIGNATURE-----
Reply to: