Univention Bugzilla – Bug 47891
python3.5: Multiple issues (4.3)
Last modified: 2018-10-04 14:27:51 CEST
New Debian python3.5 3.5.3-1+deb9u1 fixes:

This update addresses the following issues:
* Integer overflow in PyString_DecodeEscape results in heap-based buffer overflow (CVE-2017-1000158)
* DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)
* DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)
* Missing salt initialization in _elementtree.c module (CVE-2018-14647)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/python3.5_3.5.3-1.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/python3.5_3.5.3-1+deb9u1.dsc @@ -1,3 +1,7 @@ +3.5.3-1+deb9u1 [Thu, 27 Sep 2018 19:25:39 +0200] Moritz Mühlenhoff <jmm@debian.org>: + + * CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 + 3.5.3-1 [Thu, 19 Jan 2017 15:11:04 +0100] Matthias Klose <doko@debian.org>: * Python 3.5.3 release. <http://10.200.17.11/4.3-2/#6646714487349628080>
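Review bot: the added 3.5.3-1+deb9u1 entry at the top of the hunk names the four fixes only by CVE identifier, so the changelog alone does not say which component each one touches. The errata text for this update should carry the per-CVE summaries from this bug's description (PyString_DecodeEscape, the apop() method, difflib.IS_LINE_JUNK, _elementtree.c) so that each identifier can be matched to the code it changes.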
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-2] b7b1d552b2 Bug #47891: python3.5 3.5.3-1+deb9u1
 doc/errata/staging/{python2.7.yaml => python3.5.yaml} | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

[4.3-2] d8526e6d2a Bug #47890: python2.7 2.7.13-2+deb9u3
 doc/errata/staging/python2.7.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
<http://errata.software-univention.de/ucs/4.3/259.html>