Univention Bugzilla – Bug 53040
python3.5: Multiple issues (4.4)
Last modified: 2021-04-14 12:06:18 CEST
New Debian python3.5 3.5.3-1+deb9u4 fixes:
This update addresses the following issues:
* stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)
* information disclosure via pydoc (CVE-2021-3426)
* Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)
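A check for the CVE-2021-23336 item above, added here as an example and not taken from the bug report or the Debian patch: it reports whether the running interpreter still splits query strings on ';' and which parameters a cache that separates only on '&' would see differently. The helper names, the legacy_parse_qsl model of the pre-fix behaviour and the sample query string are constructed for illustration.

```python
import urllib.parse


def legacy_parse_qsl(qs):
    """Constructed model of the pre-fix behaviour: ';' and '&' both separate."""
    pairs = []
    for chunk in qs.replace(";", "&").split("&"):
        if not chunk:
            continue
        name, _, value = chunk.partition("=")
        pairs.append((urllib.parse.unquote_plus(name),
                      urllib.parse.unquote_plus(value)))
    return pairs


def splits_on_semicolon(parse=urllib.parse.parse_qsl):
    """True if the parser treats ';' as a separator, i.e. the fix is missing."""
    return len(parse("a=1;b=2")) == 2


def parser_disagreement(qs, parse=urllib.parse.parse_qsl):
    """Parameters whose final value differs between an '&'-only view
    (what a cache keying on '&' sees) and the given parser."""
    amp_only = {}
    for chunk in qs.split("&"):
        if not chunk:
            continue
        name, _, value = chunk.partition("=")
        amp_only[urllib.parse.unquote_plus(name)] = urllib.parse.unquote_plus(value)
    seen = dict(parse(qs))  # last occurrence wins, as in most frameworks
    keys = set(amp_only) | set(seen)
    return sorted(k for k in keys if amp_only.get(k) != seen.get(k))


# Constructed sample: one request line as a cache and an application see it.
SAMPLE = "page=1&lang=en;page=2"

if __name__ == "__main__":
    print("interpreter splits on ';':", splits_on_semicolon())
    print("disagreement (this interpreter):", parser_disagreement(SAMPLE))
    print("disagreement (pre-fix model):",
          parser_disagreement(SAMPLE, legacy_parse_qsl))
```

An empty disagreement list for the running interpreter means the application and an '&'-only cache derive the same parameters from the request.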
--- mirror/ftp/4.4/unmaintained/4.4-7/source/python3.5_3.5.3-1+deb9u3.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/python3.5_3.5.3-1+deb9u4.dsc @@ -1,3 +1,10 @@ +3.5.3-1+deb9u4 [Mon, 05 Apr 2021 11:00:41 +0200] Anton Gladky <gladk@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2021-23336: only use '&' as a query string separator + * CVE-2021-3426: remove the pydoc getfile feature + * CVE-2021-3177: replace snprintf with Python unicode + 3.5.3-1+deb9u3 [Wed, 18 Nov 2020 16:09:16 -0500] Roberto C. Sánchez <roberto@debian.org>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/4.4-7/#6646714487352875655>
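Review bot: the two entries "only use '&' as a query string separator" (CVE-2021-23336) and "remove the pydoc getfile feature" (CVE-2021-3426) in the new 3.5.3-1+deb9u4 changelog block both take away existing behaviour, and nothing in the entry tells users who depend on it what to do. Suggest the erratum text say that code relying on ';'-separated query parameters or on pydoc's getfile needs checking after the update.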
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 5a2c98032b Bug #53040: python3.5 3.5.3-1+deb9u4
 doc/errata/staging/python3.5.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

[4.4-7] 50813659ee Bug #53040: python3.5 3.5.3-1+deb9u4
 doc/errata/staging/python3.5.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x951>