UbuntuUpdates.org

Package "python3-pkg-resources"

Name: python3-pkg-resources

Description:

Package Discovery and Resource Access using pkg_resources
Latest version: 59.6.0-1.2ubuntu0.22.04.2
Release: jammy (22.04)
Level: security
Repository: main
Head package: setuptools
Homepage: https://pypi.python.org/pypi/setuptools

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python3-pkg-resources"

All arch deb package
APT INSTALL

Other versions of "python3-pkg-resources" in Jammy

Repository Area Version
base main 59.6.0-1.2
updates main 59.6.0-1.2ubuntu0.22.04.2

Changelog

Version: 59.6.0-1.2ubuntu0.22.04.2 2024-09-12 11:07:00 UTC

  setuptools (59.6.0-1.2ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: remote code execution via package download functions
    - debian/patches/CVE-2024-6345.patch: modernize and fix VCS handling
      to prevent code injection in setuptools/package_index.py and
      setuptools/tests/test_packageindex.py. Also update setup.cfg to
      include new test dependencies.
    - CVE-2024-6345

 -- Vyom Yadav <email address hidden> Thu, 05 Sep 2024 11:08:23 +0530
Source diff to previous version
CVE-2024-6345 A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. The

Version: 59.6.0-1.2ubuntu0.22.04.1 2023-01-23 11:07:26 UTC

  setuptools (59.6.0-1.2ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: ReDOS in package_index.py
    - debian/patches/CVE-2022-40897.patch: Limit the amount of
      whitespace to search/backtrack in setuptools/package_index.py.
    - CVE-2022-40897

 -- David Fernandez Gonzalez <email address hidden> Thu, 19 Jan 2023 16:00:36 +0100
CVE-2022-40897 Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or cust


About   -   Send Feedback to @ubuntu_updates