Package "python3.6-examples"
| Name: |
python3.6-examples
|
Description: |
Examples for the Python language (v3.6)
|
| Latest version: |
3.6.9-1~18.04ubuntu1.12 |
| Release: |
bionic (18.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
python3.6 |
Links
Download "python3.6-examples"
Other versions of "python3.6-examples" in Bionic
Changelog
|
python3.6 (3.6.9-1~18.04ubuntu1.6) bionic-security; urgency=medium
* SECURITY UPDATE: Regular Expression Denial of Service
- debian/patches/CVE-2021-3733.patch: updates a regular expression in the
urllib.request.AbstractBasicAuthHandler class which has a quadratic
worst-case time complexity and could be abused by a malicious HTTP
server to cause a Denial of Service condition for a client.
- CVE-2021-3733
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2021-3737.patch: addresses the potential for the
urllib http client to enter into an infinite loop and hang on a 100
Continue response from a malicious server.
- debian/patches/CVE-2021-3737_test-fix.patch: improves the regression
test in Lib/test/test_httplib.py
- CVE-2021-3737
-- Ian Constantin <email address hidden> Wed, 08 Dec 2021 16:08:43 -0500
|
| Source diff to previous version |
| CVE-2021-3733 |
Denial of service when identifying crafted invalid RFCs |
| CVE-2021-3737 |
client can enter an infinite loop on a 100 Continue response from the server |
|
|
python3.6 (3.6.9-1~18.04ubuntu1.4) bionic-security; urgency=medium
* SECURITY UPDATE: Code execution from content received via HTTP
- debian/patches/CVE-2020-27619-3.6.patch: no longer call eval() on
content received via HTTP in Lib/test/multibytecodec_support.py.
- CVE-2020-27619
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2021-3177-3.6.patch: replace snprintf with Python unicode
formatting in ctypes param reprs in Lib/ctypes/test/test_parameters.py,
Modules/_ctypes/callproc.c.
- CVE-2021-3177
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 26 Jan 2021 12:33:00 -0300
|
| Source diff to previous version |
| CVE-2020-27619 |
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. |
| CVE-2021-3177 |
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applic |
|
|
python3.6 (3.6.9-1~18.04ubuntu1.3) bionic-security; urgency=medium
* SECURITY UPDATE: CRLF injection
- debian/patches/CVE-2020-26116.patch: prevent header injection
in http methods in Lib/httplib.py, Lib/test/test_httlib.py.
- CVE-2020-26116
* debian/patches/disabling_test_ttk_guionly.patch: disabling ttk_guionly
test which is causing a hang for ppc64el build.
-- <email address hidden> (Leonidas S. Barbosa) Thu, 08 Oct 2020 09:12:24 -0300
|
| Source diff to previous version |
| CVE-2020-26116 |
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker contro |
|
|
python3.6 (3.6.9-1~18.04ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: Misleading information
- debian/patches/CVE-2019-17514.patch: explain that the orderness of the
of the result is system-dependant in Doc/library/glob.rst.
- CVE-2019-17514
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-9674.patch: add pitfalls to
zipfile module doc in Doc/library/zipfile.rst,
Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst.
- CVE-2019-9674
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2019-20907.patch: avoid infinite loop in the
tarfile module in Lib/tarfile.py, Lib/test/test_tarfile.py and add
Lib/test/recursion.tar binary for test.
- CVE-2019-20907
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-14422.patch: Resolve hash collisions for
IPv4Interface and IPv6Interface in Lib/ipaddress.py,
Lib/test/test_ipaddress.py.
- CVE-2020-14422
-- <email address hidden> (Leonidas S. Barbosa) Fri, 17 Jul 2020 09:50:27 -0300
|
| Source diff to previous version |
| CVE-2019-17514 |
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrate |
| CVE-2019-9674 |
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. |
| CVE-2019-20907 |
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, becaus |
| CVE-2020-14422 |
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote a |
|
|
python3.6 (3.6.9-1~18.04ubuntu1) bionic-security; urgency=medium
* SECURITY UPDATE: CRLF injection
- debian/patches/CVE-2019-18348.patch: disallow control characters
in hostnames in http.client in Lib/http/client.py, Lib/test/test_urllib.py.
- CVE-2019-18348
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-8492.patch: fix the regex to prevent
the regex denial of service in Lib/urllib/request.py,
- CVE-2020-8492
-- <email address hidden> (Leonidas S. Barbosa) Fri, 17 Apr 2020 22:56:04 -0300
|
| CVE-2019-18348 |
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker co |
| CVE-2020-8492 |
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular E |
|
About
-
Send Feedback to @ubuntu_updates
