UbuntuUpdates.org

Package "python3-setuptools-whl"

Name: python3-setuptools-whl

Description:

Python Distutils Enhancements (wheel package)

Latest version: 59.6.0-1.2ubuntu0.22.04.2
Release: jammy (22.04)
Level: security
Repository: universe
Head package: setuptools
Homepage: https://pypi.python.org/pypi/setuptools

Links


Download "python3-setuptools-whl"


Other versions of "python3-setuptools-whl" in Jammy

Repository Area Version
updates universe 59.6.0-1.2ubuntu0.22.04.2

Changelog

Version: 59.6.0-1.2ubuntu0.22.04.2 2024-09-12 11:07:01 UTC

  setuptools (59.6.0-1.2ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: remote code execution via package download functions
    - debian/patches/CVE-2024-6345.patch: modernize and fix VCS handling
      to prevent code injection in setuptools/package_index.py and
      setuptools/tests/test_packageindex.py. Also update setup.cfg to
      include new test dependencies.
    - CVE-2024-6345

 -- Vyom Yadav <email address hidden> Thu, 05 Sep 2024 11:08:23 +0530

Source diff to previous version
CVE-2024-6345 A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. The

Version: 59.6.0-1.2ubuntu0.22.04.1 2023-01-23 11:07:28 UTC

  setuptools (59.6.0-1.2ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: ReDOS in package_index.py
    - debian/patches/CVE-2022-40897.patch: Limit the amount of
      whitespace to search/backtrack in setuptools/package_index.py.
    - CVE-2022-40897

 -- David Fernandez Gonzalez <email address hidden> Thu, 19 Jan 2023 16:00:36 +0100

CVE-2022-40897 Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or cust



About   -   Send Feedback to @ubuntu_updates