UbuntuUpdates.org

Package "setuptools"

Name: setuptools

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Python Distutils Enhancements (documentation)
  • Package Discovery and Resource Access using pkg_resources
  • Python3 Distutils Enhancements
Latest version: 45.2.0-1ubuntu0.2
Release: focal (20.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "setuptools" in Focal

Repository Area Version
base main 45.2.0-1
updates main 45.2.0-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 45.2.0-1ubuntu0.2 2024-09-12 11:06:59 UTC

  setuptools (45.2.0-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: remote code execution via package download functions
    - debian/patches/CVE-2024-6345.patch: modernize and fix VCS handling
      to prevent code injection in setuptools/package_index.py and
      setuptools/tests/test_packageindex.py. Also update setup.cfg to
      include new test dependencies.
    - CVE-2024-6345

 -- Vyom Yadav <email address hidden> Thu, 05 Sep 2024 16:51:51 +0530
Source diff to previous version
CVE-2024-6345 A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. The

Version: 45.2.0-1ubuntu0.1 2023-01-23 11:07:21 UTC

  setuptools (45.2.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: ReDOS in package_index.py
    - debian/patches/CVE-2022-40897.patch: Limit the amount of
      whitespace to search/backtrack in setuptools/package_index.py.
    - CVE-2022-40897

 -- David Fernandez Gonzalez <email address hidden> Thu, 19 Jan 2023 16:02:49 +0100
CVE-2022-40897 Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or cust


About   -   Send Feedback to @ubuntu_updates