[ubuntu/bionic-security] python3.7 3.7.5-2ubuntu1~18.04.2 (Accepted)

Ian Constantin ian.constantin at canonical.com
Wed Dec 15 21:18:56 UTC 2021


python3.7 (3.7.5-2ubuntu1~18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Regular Expression Denial of Service
    - debian/patches/CVE-2020-8492.patch: updates a regular expression in the 
      urllib.request.AbsatrctBasicAuthHandler class which allows for 
      catastrophic backtracking and could result in a Denial of Service 
      condition.
    - CVE-2020-8492 
  * SECURITY UPDATE: Regular Expression Denial of Service
    - debian/patches/CVE-2021-3733.patch: updates a regular expression in the 
      urllib.request.AbstractBasicAuthHandler class which has a quadratic
      worst-case time complexity and could be abused by a malicious HTTP
      server to cause a Denial of Service condition for a client.
    - CVE-2021-3733 
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2021-3737.patch: addresses the potential for the
      urllib http client to enter into an infinite loop and hang on a 100
      Continue response from a malicious server.
    - debian/patches/CVE-2021-3737_test-fix.patch: improves the regression
      test in Lib/test/test_httplib.py
    - CVE-2021-3737

Date: 2021-12-09 18:51:11.483290+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/python3.7/3.7.5-2ubuntu1~18.04.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list