Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#13433 closed enhancement (fixed)


Reported by: Douglas R. Reno Owned by: thomas
Priority: high Milestone: 10.0
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version

The final release of python2... ever!

Change History (7)

comment:1 by thomas, 4 years ago

Owner: changed from blfs-book to thomas
Status: newassigned

comment:2 by thomas, 4 years ago

What's New in Python 2.7.18 final? ==================================

*Release date: 2020-04-19*

There were no new changes in version 2.7.18.

What's New in Python 2.7.18 release candidate 1? ================================================

*Release date: 2020-04-04*


  • bpo-38945: Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.
  • bpo-38804: Fixes a ReDoS vulnerability in :mod:http.cookiejar. Patch by Ben Caller.

Core and Builtins

  • bpo-38535: Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators.


  • bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised.
  • bpo-27973: Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host.


  • bpo-38730: Fix problems identified by GCC's -Wstringop-truncation warning.


  • bpo-37025: AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c.


  • bpo-38295: Prevent failure of test_relative_path in test_py_compile on macOS Catalina.


  • bpo-38540: Fixed possible leak in :c:func:`PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro :c:macro:`PY_SSIZE_T_CLEAN` is not defined.

comment:3 by thomas, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed in r23016

comment:4 by Douglas R. Reno, 4 years ago

Priority: normalhigh

Retroactively promote to High for CVE-2020-18348.

comment:5 by Douglas R. Reno, 4 years ago

Note that this vulnerability isn't exploitable on an LFS system above 8.4. The security vulnerability that allows this to occur, CVE-2016-10379 in glibc, was fixed in glibc-2.29.

comment:6 by Bruce Dubbs, 3 years ago

Milestone: 9.210,0

Milestone renamed

comment:7 by Bruce Dubbs, 3 years ago

Milestone: 10,010.0

Milestone renamed

Note: See TracTickets for help on using tickets.