UbuntuUpdates.org

Package "python3.8"

Name: python3.8

Description:

Interactive high-level object-oriented language (version 3.8)

Latest version: 3.8.10-0ubuntu1~20.04
Release: focal (20.04)
Level: updates
Repository: main

Links


Download "python3.8"


Other versions of "python3.8" in Focal

Repository Area Version
base universe 3.8.2-1ubuntu1
base main 3.8.2-1ubuntu1
security main 3.8.10-0ubuntu1~20.04
security universe 3.8.10-0ubuntu1~20.04
updates universe 3.8.10-0ubuntu1~20.04

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.8.10-0ubuntu1~20.04 2021-06-30 15:06:27 UTC

  python3.8 (3.8.10-0ubuntu1~20.04) focal-proposed; urgency=medium

  * SRU: LP: #1928057. Backport Python 3.8.10 to 20.04 LTS.
  * Python 3.8.10 release.
  * Refresh patches.
  * Call python with -S when checking the minimal set of modules.
  * Try to detect whether python3-venv is missing (Stefano Rivera).
    Addresses: #977887.
  * Build a python3.8-full package.

Source diff to previous version
1928057 SRU: backport Python 3.8.10 to 20.04 LTS and 20.10

Version: 3.8.5-1~20.04.3 2021-06-01 13:06:26 UTC

  python3.8 (3.8.5-1~20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: improper handling of octal strings in ipaddress
    - debian/patches/CVE-2021-29921.patch: no longer tolerate leading zeros
      in IPv4 addresses in Lib/ipaddress.py, Lib/test/test_ipaddress.py.
    - CVE-2021-29921

 -- Marc Deslauriers <email address hidden> Thu, 27 May 2021 09:30:53 -0400

Source diff to previous version
CVE-2021-29921 In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) all

Version: 3.8.5-1~20.04.2 2021-02-25 15:06:23 UTC

  python3.8 (3.8.5-1~20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: Code execution from content received via HTTP
    - debian/patches/CVE-2020-27619-3.8.patch: no longer call eval() on
      content received via HTTP in Lib/test/multibytecodec_support.py.
    - CVE-2020-27619
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2021-3177-3.8.patch: replace snprintf with Python unicode
      formatting in ctypes param reprs in Lib/ctypes/test/test_parameters.py,
      Modules/_ctypes/callproc.c.
    - CVE-2021-3177
  * Skipping test_idle in riscv64 arch
    - debian/rules: adding test_idle to TEST_EXCLUDES in riscv64 arch due it
      hangs in build time.

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 27 Jan 2021 12:41:15 -0300

Source diff to previous version
CVE-2020-27619 In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applic

Version: 3.8.5-1~20.04 2020-10-07 09:06:22 UTC

  python3.8 (3.8.5-1~20.04) focal-proposed; urgency=medium

  * SRU: LP: #1889218. Backport Python 3.8.5 to 20.04 LTS.

Source diff to previous version
1889218 SRU: backport Python 3.8.5 to 20.04 LTS

Version: 3.8.2-1ubuntu1.2 2020-07-22 16:07:08 UTC

  python3.8 (3.8.2-1ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2019-20907.patch: avoid infinite loop in the
      tarfile module in Lib/tarfile.py, Lib/test/test_tarfile.py and add
      Lib/test/recursion.tar binary for test.
    - CVE-2019-20907
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-14422.patch: Resolve hash collisions for
      IPv4Interface and IPv6Interface in Lib/ipaddress.py,
      Lib/test/test_ipaddress.py.
    - CVE-2020-14422

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 16 Jul 2020 11:00:26 -0300

CVE-2019-20907 In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, becaus
CVE-2020-14422 Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote a



About   -   Send Feedback to @ubuntu_updates