UbuntuUpdates.org

Package "python-setuptools-doc"

Name: python-setuptools-doc

Description:

Python Distutils Enhancements (documentation)
Latest version: 68.1.2-2ubuntu1.2
Release: noble (24.04)
Level: updates
Repository: main
Head package: setuptools
Homepage: https://pypi.python.org/pypi/setuptools

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python-setuptools-doc"

All arch deb package
APT INSTALL

Other versions of "python-setuptools-doc" in Noble

Repository Area Version
base main 68.1.2-2ubuntu1
security main 68.1.2-2ubuntu1.2

Changelog

Version: 68.1.2-2ubuntu1.2 2025-05-29 03:49:44 UTC

  setuptools (68.1.2-2ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: path traversal vulnerability
    - debian/patches/CVE-2025-47273-pre1.patch: Extract
      _resolve_download_filename with test.
    - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name
      resolves relative to the tmpdir.
    - CVE-2025-47273

 -- Fabian Toepfer <email address hidden> Wed, 28 May 2025 19:00:32 +0200
Source diff to previous version
CVE-2025-47273 setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `Pac

Version: 68.1.2-2ubuntu1.1 2024-09-12 12:07:01 UTC

  setuptools (68.1.2-2ubuntu1.1) noble-security; urgency=medium

  * SECURITY UPDATE: remote code execution via package download functions
    - debian/patches/CVE-2024-6345.patch: modernize and fix VCS handling
      to prevent code injection in setuptools/package_index.py and
      setuptools/tests/test_packageindex.py. Also update setup.cfg to
      include new test dependencies.
    - CVE-2024-6345

 -- Vyom Yadav <email address hidden> Tue, 27 Aug 2024 21:44:12 +0530
CVE-2024-6345 A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. The


About   -   Send Feedback to @ubuntu_updates