Information on source package python-pip

Available versions

Release	Version
bullseye	20.3.4-4+deb11u1
bookworm	23.0.1+dfsg-1
trixie	25.0+dfsg-1
sid	25.0+dfsg-1

Open issues

Bug	bullseye	bookworm	trixie	sid	Description
CVE-2023-5752	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	When installing a package from a Mercurial VCS URL (ie "pip install ...

Open unimportant issues

Bug	bullseye	bookworm	trixie	sid	Description
CVE-2018-20225	vulnerable	vulnerable	vulnerable	vulnerable	An issue was discovered in pip (all versions) because it installs the ...

Resolved issues

Bug	Description
CVE-2021-3572	A flaw was found in python-pip in the way it handled Unicode separator ...
CVE-2019-20916	The pip package before 19.2 for Python allows Directory Traversal when ...
CVE-2014-8991	pip 1.3 through 1.5.6 allows local users to cause a denial of service ...
CVE-2013-5123	The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 use ...
CVE-2013-1888	pip before 1.3 allows local users to overwrite arbitrary files via a s ...
CVE-2013-1629	pip before 1.3 uses HTTP to retrieve packages from the PyPI repository ...

Security announcements

DSA / DLA	Description
DLA-2370-1	python-pip - security update