Package "libpython3.2"
Name: |
libpython3.2
|
Description: |
Shared Python runtime library (version 3.2)
|
Latest version: |
3.2.3-0ubuntu3.8 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
main |
Head package: |
python3.2 |
Links
Download "libpython3.2"
Other versions of "libpython3.2" in Precise
Changelog
python3.2 (3.2.3-0ubuntu3.8) precise-security; urgency=medium
* SECURITY UPDATE: StartTLS stripping attack
- debian/patches/CVE-2016-0772.patch: raise an error when
STARTTLS fails in Lib/smtplib.py.
- CVE-2016-0772
* SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
scripts (aka HTTPOXY attack)
- debian/patches/CVE-2016-1000110.patch: if running as CGI
script, forget HTTP_PROXY in Lib/urllib.py, add test to
Lib/test/test_urllib.py, add documentation.
- CVE-2016-1000110
* SECURITY UPDATE: Integer overflow when handling zipfiles
- debian/patches/CVE-2016-5636-pre.patch: check for negative size in
Modules/zipimport.c
- debian/patches/CVE-2016-5636.patch: check for too large value in
Modules/zipimport.c
- CVE-2016-5636
* SECURITY UPDATE: CRLF injection vulnerability in the
HTTPConnection.putheader
- debian/patches/CVE-2016-5699.patch: disallow newlines in
putheader() arguments when not followed by spaces or tabs in
Lib/httplib.py, add tests in Lib/test/test_httplib.py
- CVE-2016-5699
-- Steve Beattie <email address hidden> Tue, 15 Nov 2016 14:34:45 -0800
|
Source diff to previous version |
CVE-2016-0772 |
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, whi |
CVE-2016-1000 |
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202. |
CVE-2016-5636 |
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remot |
CVE-2016-5699 |
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4. |
|
python3.2 (3.2.3-0ubuntu3.7) precise-security; urgency=medium
* SECURITY UPDATE: denial of service in multiple servers
- debian/patches/CVE-2013-1752-ftplib.patch: limit amount of data read
in Lib/ftplib.py, added test to Lib/test/test_ftplib.py.
- debian/patches/CVE-2013-1752-httplib.patch: limit long lines in
Lib/http/client.py, added test to Lib/test/test_httplib.py.
- debian/patches/CVE-2013-1752-imaplib.patch: limit line length in
Lib/imaplib.py, added test to Lib/test/test_imaplib.py.
- debian/patches/CVE-2013-1752-nntplib.patch: limit line length in
Lib/nntplib.py, added test to Lib/test/test_nntplib.py.
- debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length
in Lib/poplib.py, added test to Lib/test/test_poplib.py.
- debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from
the network in Lib/smtplib.py, added test to
Lib/test/test_smtplib.py, fix Lib/test/mock_socket.py.
- CVE-2013-1752
* SECURITY UPDATE: denial of service via xmlrpc gzip-compressed
HTTP bodies
- debian/patches/CVE-2013-1753.patch: add default limit in
Lib/xmlrpc/client.py, added test to Lib/test/test_xmlrpc.py.
- CVE-2013-1753
* SECURITY UPDATE: arbitrary memory read via idx argument
- debian/patches/CVE-2014-4616.patch: reject negative idx values in
Modules/_json.c, added test to Lib/test/json_tests/test_decode.py.
- CVE-2014-4616
* SECURITY UPDATE: code execution or file disclosure via CGIHTTPServer
- debian/patches/CVE-2014-4650.patch: url unquote path in
Lib/http/server.py, added test to Lib/test/test_httpservers.py.
- CVE-2014-4650
-- Marc Deslauriers <email address hidden> Thu, 18 Jun 2015 14:42:39 -0400
|
Source diff to previous version |
|
python3.2 (3.2.3-0ubuntu3.6) precise-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in socket.recvfrom_into
- debian/patches/CVE-2014-1912.diff: check buffer length in
Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
- CVE-2014-1912
-- Marc Deslauriers <email address hidden> Thu, 27 Feb 2014 14:28:16 -0500
|
Source diff to previous version |
|
python3.2 (3.2.3-0ubuntu3.5) precise-security; urgency=low
* SECURITY UPDATE: denial of service via ssl hostname wildcards
- debian/patches/CVE-2013-2099.diff: limit number of wildcards in
Lib/ssl.py, add test to Lib/test/test_ssl.py.
- CVE-2013-2099
* SECURITY UPDATE: incorrect ssl hostname verification
- debian/patches/CVE-2013-4238.diff: correctly handle NULL bytes in
the subjectAltName in Modules/_ssl.c, add test to
Lib/test/test_ssl.py, Lib/test/nullbytecert.pem.
- CVE-2013-4238
* This package does _not_ contain the changes from 3.2.3-0ubuntu3.4 in
precise-proposed.
-- Marc Deslauriers <email address hidden> Wed, 25 Sep 2013 10:54:30 -0400
|
Source diff to previous version |
CVE-2013-2099 |
ssl.match_hostname denial of service |
CVE-2013-4238 |
The ssl.match_hostname function in the SSL module in Python 2.6 ... |
|
python3.2 (3.2.3-0ubuntu3.3) precise-proposed; urgency=low
* Make python3.2{,-minimal,-dbg} Multi-Arch: allowed. LP: #1130709.
* distutils: Append the abiflags to the python include dir (avoids
extensions installing over a symlink).
-- Matthias Klose <email address hidden> Fri, 22 Feb 2013 09:55:09 +0100
|
About
-
Send Feedback to @ubuntu_updates