UbuntuUpdates.org

Package "setuptools"

Name: setuptools

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Python Distutils Enhancements (documentation)
  • Package Discovery and Resource Access using pkg_resources
  • Python3 Distutils Enhancements
Latest version: 59.6.0-1.2ubuntu0.22.04.2
Release: jammy (22.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "setuptools" in Jammy

Repository Area Version
base main 59.6.0-1.2
base universe 59.6.0-1.2
security universe 59.6.0-1.2ubuntu0.22.04.2
updates main 59.6.0-1.2ubuntu0.22.04.2
updates universe 59.6.0-1.2ubuntu0.22.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 59.6.0-1.2ubuntu0.22.04.2 2024-09-12 11:07:00 UTC

  setuptools (59.6.0-1.2ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: remote code execution via package download functions
    - debian/patches/CVE-2024-6345.patch: modernize and fix VCS handling
      to prevent code injection in setuptools/package_index.py and
      setuptools/tests/test_packageindex.py. Also update setup.cfg to
      include new test dependencies.
    - CVE-2024-6345

 -- Vyom Yadav <email address hidden> Thu, 05 Sep 2024 11:08:23 +0530
Source diff to previous version
CVE-2024-6345 A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. The

Version: 59.6.0-1.2ubuntu0.22.04.1 2023-01-23 11:07:26 UTC

  setuptools (59.6.0-1.2ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: ReDOS in package_index.py
    - debian/patches/CVE-2022-40897.patch: Limit the amount of
      whitespace to search/backtrack in setuptools/package_index.py.
    - CVE-2022-40897

 -- David Fernandez Gonzalez <email address hidden> Thu, 19 Jan 2023 16:00:36 +0100
CVE-2022-40897 Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or cust


About   -   Send Feedback to @ubuntu_updates