Debian 10260 Published by

A python2.7 security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where a crafted tar file could result in an infinite loop due to missing header validation.



ELA-265-1 python2.7 security update

Package python2.7
Version 2.7.9-2-ds1+deb8u6
Related CVEs CVE-2019-20907

An issue has been found in python2.7, an interactive high-level object-oriented language.

Opening a crafted tar file could result in an infinite loop due to missing header validation.

For Debian 8 jessie, these problems have been fixed in version 2.7.9-2-ds1+deb8u6.

We recommend that you upgrade your python2.7 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-265-1 python2.7 security update