News for package python-pip

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 3.0 (quilt)
Source: python-pip
Binary: python-pip, python3-pip, python-pip-whl
Architecture: all
Version: 1.5.6-4
Maintainer: Debian Python Modules Team <[email protected]>
Uploaders: Carl Chenet <[email protected]>, Jeff Licquia <[email protected]>
Homepage: http://www.pip-installer.org/
Standards-Version: 3.9.5
Vcs-Browser: http://anonscm.debian.org/viewvc/python-modules/packages/python-pip/trunk/
Vcs-Svn: svn://anonscm.debian.org/python-modules/packages/python-pip/trunk/
Build-Depends: debhelper (>= 8), dh-python, python-all (>= 2.6), python-docutils, python-mock, python-pytest, python-scripttest, python-setuptools, python-virtualenv, python3-all, python3-mock, python3-pytest, python3-scripttest, python3-setuptools, python3-wheel
Package-List:
 python-pip deb python optional arch=all
 python-pip-whl deb python optional arch=all
 python3-pip deb python optional arch=all
Checksums-Sha1:
 e6cd9e6f2fd8d28c9976313632ef8aa8ac31249e 938120 python-pip_1.5.6.orig.tar.gz
 ce6671b73684babd0ad81027df91a679457ddc0d 18700 python-pip_1.5.6-4.debian.tar.xz
Checksums-Sha256:
 b1a4ae66baf21b7eb05a5e4f37c50c2706fa28ea1f8780ce8efe14dcd9f1726c 938120 python-pip_1.5.6.orig.tar.gz
 ca116ab41783c4c18c77d3887cb4fd218711b845fe12b289d4d7573b3d31226e 18700 python-pip_1.5.6-4.debian.tar.xz
Files:
 01026f87978932060cc86c1dc527903e 938120 python-pip_1.5.6.orig.tar.gz
 953eae825364097bd01a50ec05406cfd 18700 python-pip_1.5.6-4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUgqF1AAoJEHjX3vua1Zrxtr4P/0kSR1UUoMq48oeKPZv29ek7
SE+f4M8yTjEFUDAJXbUla7T2Hz42FJPLkEyoDrja2hq0KB1eaOj6GTM5NQVCY42Z
Azxsl4kg+PFd1oISIUi+hecGBNVbO0UWc3YjN9tR9oBEzW+yECxV5Pq1FV32xc+e
JB3/SXVoz+/7Jx2JbjFt70hNTcFolSYzAhURF5MiiV8zVETvWhgg3VcMhUr3sNeE
5+12I1TEwSV9k6KtYqz7cgHRXmTRYeTVz5NR3C5C8avtBEMCPbCovgqs/zZIvLBG
eogIk159r/peF/l3nYDCHE+e3dtpqZ//Dpv+d6ZkUEkxonMm9fwH29h+LmrvJ6cR
V+3WtsAIbJn7ejyj2RESwZPaIeKhLaeOJi5o/NUMFTsh5INEYm3c4K4JlNz0Qf2R
8NBmHHkqDGd5yH7tWKYyRNvhT/+OxUhAvbxQmqVS0Y5C8Gt5SKvE79hKyRHORTqg
qkHDVJRrVW8uxuoCFTwB6wfH9z8zCBMTkyzwJgAtEGDxU/WVO8y+dPkjGuvo6wU5
ZMWQ3D/DODmp1zgllodfWmJYxWuXUhLuUkrm6Bju8WGPPwncCZbeQIkOWQPUyEXW
StfWlVOA0FH5GRp6uyOTCNrDgPZglS8UL1Qy+u7WnUub3oesVpf64NAxRTgxZuwz
5TAzjdGqgmxdmriW8Lts
=zGZC
-----END PGP SIGNATURE-----

Changes:
python-pip (1.5.6-4) unstable; urgency=medium

  * Team upload.
  * Backport upstream fix to use non-predictable download directories
    - Fixes denial of service vector (CVE-2014-8991) (Closes: #725847)
    - Fixes retry failures (Closes: #769930)
  * Add patch (reviewed by upstream, but not commited there yet) to prevent
    pip from removing system python packages (Closes: #771794)

 -- Scott Kitterman <[email protected]>  Wed, 03 Dec 2014 13:46:31 -0500