Univention Bugzilla – Bug 54036
python3.5: Multiple issues (4.4)
Last modified: 2021-11-10 17:52:45 CET
New Debian python3.5 3.5.3-1+deb9u5 fixes:

This update addresses the following issues:
* urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)
* urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737)
--- mirror/ftp/4.4/unmaintained/4.4-8/source/python3.5_3.5.3-1+deb9u4.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/python3.5_3.5.3-1+deb9u5.dsc @@ -1,3 +1,11 @@ +3.5.3-1+deb9u5 [Thu, 04 Nov 2021 20:59:10 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Add patch to fix http client infinite line reading (DoS) + after a HTTP 100 Continuefix. (Fixes: CVE-2021-3737) + * Add patch to fix ReDoS in urllib + AbstractBasicAuthHandler. (Fixes: CVE-2021-3733) + 3.5.3-1+deb9u4 [Mon, 05 Apr 2021 11:00:41 +0200] Anton Gladky <gladk@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/4.4-8/#6646714487353958180>
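Review bot: in the added 3.5.3-1+deb9u5 changelog entry, the first bullet ends "after a HTTP 100 Continuefix.", where "Continuefix" reads as "Continue" run together with a stray "fix"; suggest "after an HTTP 100 Continue response." so the wording matches the CVE-2021-3737 description. Both bullets say "Add patch" without naming the patch file, so listing the file names would let the entry be checked against the source package's patch series.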
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] 1acc33741e Bug #54036: python3.5 3.5.3-1+deb9u5
 doc/errata/staging/python3.5.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1089>