-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: python-pip Binary: python-pip, python3-pip, python-pip-whl Architecture: all Version: 1.5.6-4 Maintainer: Debian Python Modules Team <[email protected]> Uploaders: Carl Chenet <[email protected]>, Jeff Licquia <[email protected]> Homepage: http://www.pip-installer.org/ Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/viewvc/python-modules/packages/python-pip/trunk/ Vcs-Svn: svn://anonscm.debian.org/python-modules/packages/python-pip/trunk/ Build-Depends: debhelper (>= 8), dh-python, python-all (>= 2.6), python-docutils, python-mock, python-pytest, python-scripttest, python-setuptools, python-virtualenv, python3-all, python3-mock, python3-pytest, python3-scripttest, python3-setuptools, python3-wheel Package-List: python-pip deb python optional arch=all python-pip-whl deb python optional arch=all python3-pip deb python optional arch=all Checksums-Sha1: e6cd9e6f2fd8d28c9976313632ef8aa8ac31249e 938120 python-pip_1.5.6.orig.tar.gz ce6671b73684babd0ad81027df91a679457ddc0d 18700 python-pip_1.5.6-4.debian.tar.xz Checksums-Sha256: b1a4ae66baf21b7eb05a5e4f37c50c2706fa28ea1f8780ce8efe14dcd9f1726c 938120 python-pip_1.5.6.orig.tar.gz ca116ab41783c4c18c77d3887cb4fd218711b845fe12b289d4d7573b3d31226e 18700 python-pip_1.5.6-4.debian.tar.xz Files: 01026f87978932060cc86c1dc527903e 938120 python-pip_1.5.6.orig.tar.gz 953eae825364097bd01a50ec05406cfd 18700 python-pip_1.5.6-4.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUgqF1AAoJEHjX3vua1Zrxtr4P/0kSR1UUoMq48oeKPZv29ek7 SE+f4M8yTjEFUDAJXbUla7T2Hz42FJPLkEyoDrja2hq0KB1eaOj6GTM5NQVCY42Z Azxsl4kg+PFd1oISIUi+hecGBNVbO0UWc3YjN9tR9oBEzW+yECxV5Pq1FV32xc+e JB3/SXVoz+/7Jx2JbjFt70hNTcFolSYzAhURF5MiiV8zVETvWhgg3VcMhUr3sNeE 5+12I1TEwSV9k6KtYqz7cgHRXmTRYeTVz5NR3C5C8avtBEMCPbCovgqs/zZIvLBG eogIk159r/peF/l3nYDCHE+e3dtpqZ//Dpv+d6ZkUEkxonMm9fwH29h+LmrvJ6cR V+3WtsAIbJn7ejyj2RESwZPaIeKhLaeOJi5o/NUMFTsh5INEYm3c4K4JlNz0Qf2R 8NBmHHkqDGd5yH7tWKYyRNvhT/+OxUhAvbxQmqVS0Y5C8Gt5SKvE79hKyRHORTqg qkHDVJRrVW8uxuoCFTwB6wfH9z8zCBMTkyzwJgAtEGDxU/WVO8y+dPkjGuvo6wU5 ZMWQ3D/DODmp1zgllodfWmJYxWuXUhLuUkrm6Bju8WGPPwncCZbeQIkOWQPUyEXW StfWlVOA0FH5GRp6uyOTCNrDgPZglS8UL1Qy+u7WnUub3oesVpf64NAxRTgxZuwz 5TAzjdGqgmxdmriW8Lts =zGZC -----END PGP SIGNATURE----- Changes: python-pip (1.5.6-4) unstable; urgency=medium * Team upload. * Backport upstream fix to use non-predictable download directories - Fixes denial of service vector (CVE-2014-8991) (Closes: #725847) - Fixes retry failures (Closes: #769930) * Add patch (reviewed by upstream, but not commited there yet) to prevent pip from removing system python packages (Closes: #771794) -- Scott Kitterman <[email protected]> Wed, 03 Dec 2014 13:46:31 -0500