[ubuntu/bionic-security] python3.6 3.6.9-1~18.04ubuntu1.6 (Accepted)

Ian Constantin ian.constantin at canonical.com
Wed Dec 15 21:18:55 UTC 2021

python3.6 (3.6.9-1~18.04ubuntu1.6) bionic-security; urgency=medium

  * SECURITY UPDATE: Regular Expression Denial of Service
     - debian/patches/CVE-2021-3733.patch: updates a regular expression in the 
       urllib.request.AbstractBasicAuthHandler class which has a quadratic
       worst-case time complexity and could be abused by a malicious HTTP
       server to cause a Denial of Service condition for a client.
     - CVE-2021-3733 
  * SECURITY UPDATE: Denial of Service
     - debian/patches/CVE-2021-3737.patch: addresses the potential for the
       urllib http client to enter into an infinite loop and hang on a 100
       Continue response from a malicious server.
     - debian/patches/CVE-2021-3737_test-fix.patch: improves the regression
       test in Lib/test/test_httplib.py
     - CVE-2021-3737

Date: 2021-12-09 15:31:25.667927+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
Maintainer: Matthias Klose <doko at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list