Package "python3.7-examples"
Name: |
python3.7-examples
|
Description: |
Examples for the Python language (v3.7)
|
Latest version: |
3.7.5-2ubuntu1~18.04.2 |
Release: |
bionic (18.04) |
Level: |
security |
Repository: |
universe |
Head package: |
python3.7 |
Links
Download "python3.7-examples"
Other versions of "python3.7-examples" in Bionic
Changelog
python3.7 (3.7.5-2ubuntu1~18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: Regular Expression Denial of Service
- debian/patches/CVE-2020-8492.patch: updates a regular expression in the
urllib.request.AbsatrctBasicAuthHandler class which allows for
catastrophic backtracking and could result in a Denial of Service
condition.
- CVE-2020-8492
* SECURITY UPDATE: Regular Expression Denial of Service
- debian/patches/CVE-2021-3733.patch: updates a regular expression in the
urllib.request.AbstractBasicAuthHandler class which has a quadratic
worst-case time complexity and could be abused by a malicious HTTP
server to cause a Denial of Service condition for a client.
- CVE-2021-3733
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2021-3737.patch: addresses the potential for the
urllib http client to enter into an infinite loop and hang on a 100
Continue response from a malicious server.
- debian/patches/CVE-2021-3737_test-fix.patch: improves the regression
test in Lib/test/test_httplib.py
- CVE-2021-3737
-- Ian Constantin <email address hidden> Thu, 09 Dec 2021 12:04:37 -0500
|
Source diff to previous version |
CVE-2020-8492 |
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular E |
CVE-2021-3733 |
Denial of service when identifying crafted invalid RFCs |
CVE-2021-3737 |
client can enter an infinite loop on a 100 Continue response from the server |
|
python3.7 (3.7.5-2~18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: Code execution from content received via HTTP
- debian/patches/CVE-2020-27619.patch: no longer call eval() on
content received via HTTP in Lib/test/multibytecodec_support.py.
- CVE-2020-27619
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2021-3177.patch: replace snprintf with Python unicode
formatting in ctypes param reprs in Lib/ctypes/test/test_parameters.py,
Modules/_ctypes/callproc.c.
- CVE-2021-3177
* debian/rules: Disable test_ttk_guionly for armhf, arm6, i386 and s390x.
-- Paulo Flabiano Smorigo <email address hidden> Tue, 23 Feb 2021 13:22:40 +0000
|
Source diff to previous version |
CVE-2020-27619 |
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. |
CVE-2021-3177 |
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applic |
|
python3.7 (3.7.3-2~18.04.1) bionic; urgency=medium
* Rebuild with OpenSSL 1.1.1. LP: #1797386
-- Dimitri John Ledkov <email address hidden> Wed, 03 Apr 2019 20:16:38 +0100
|
About
-
Send Feedback to @ubuntu_updates