Univention Bugzilla – Bug 56243
python3.7: Multiple issues (5.0)
Last modified: 2023-07-05 14:48:55 CEST
New Debian python3.7 3.7.3-2+deb10u5 fixes:

This update addresses the following issues:

3.7.3-2+deb10u5 (Thu, 29 Jun 2023 21:03:57 +0300)
* Non-maintainer upload by the LTS Security Team.
* CVE-2015-20107: The mailcap module did not add escape characters into commands discovered in the system mailcap file.
* CVE-2020-10735: Prevent DoS with very large int.
* CVE-2021-3426: Remove the pydoc getfile feature which could be abused to read arbitrary files on the disk.
* CVE-2021-3733: Regular Expression Denial of Service in urllib's AbstractBasicAuthHandler class.
* CVE-2021-3737: Infinite loop in the HTTP client code.
* CVE-2021-4189: Make ftplib not trust the PASV response.
* CVE-2022-45061: Quadratic time in the IDNA decoder.
--- mirror/ftp/pool/main/p/python3.7/python3.7_3.7.3-2+deb10u4.dsc +++ apt/ucs_5.0-0-errata5.0-4/source/python3.7_3.7.3-2+deb10u5.dsc @@ -1,3 +1,17 @@ +3.7.3-2+deb10u5 [Thu, 29 Jun 2023 21:03:57 +0300] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2015-20107: The mailcap module did not add escape characters + into commands discovered in the system mailcap file. + * CVE-2020-10735: Prevent DoS with very large int. + * CVE-2021-3426: Remove the pydoc getfile feature which + could be abused to read arbitrary files on the disk. + * CVE-2021-3733: Regular Expression Denial of Service in urllib's + AbstractBasicAuthHandler class. + * CVE-2021-3737: Infinite loop in the HTTP client code. + * CVE-2021-4189: Make ftplib not trust the PASV response. + * CVE-2022-45061: Quadratic time in the IDNA decoder. + 3.7.3-2+deb10u4 [Mon, 31 Oct 2022 16:04:00 +0200] Stefano Rivera <stefanor@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/5.0-4/#8709540445757464607>
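Review bot: the added 3.7.3-2+deb10u5 changelog block names seven CVEs but gives no patch file name or upstream reference for any of them, so the fixes cannot be matched to code from this diff alone. The CVE-2020-10735 entry ("Prevent DoS with very large int.") is the thinnest: it does not say what is limited or whether callers see a behaviour change, which an admin applying the erratum would want to know. Suggest that each entry cite the patch that carries the fix, and that the CVE-2020-10735 and CVE-2021-3426 ("Remove the pydoc getfile feature") lines state the user-visible change, since both read as changes to existing behaviour rather than internal fixes.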
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-4] 68b0316031 Bug #56243: python3.7 3.7.3-2+deb10u5
 doc/errata/staging/python3.7.yaml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

[5.0-4] 73d2a650a8 Bug #56243: python3.7 3.7.3-2+deb10u5
 doc/errata/staging/python3.7.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x722>