[ubuntu/bionic-updates] python3.6 3.6.9-1~18.04ubuntu1.6 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Dec 15 21:59:21 UTC 2021
python3.6 (3.6.9-1~18.04ubuntu1.6) bionic-security; urgency=medium
* SECURITY UPDATE: Regular Expression Denial of Service
- debian/patches/CVE-2021-3733.patch: updates a regular expression in the
urllib.request.AbstractBasicAuthHandler class which has a quadratic
worst-case time complexity and could be abused by a malicious HTTP
server to cause a Denial of Service condition for a client.
- CVE-2021-3733
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2021-3737.patch: addresses the potential for the
urllib http client to enter into an infinite loop and hang on a 100
Continue response from a malicious server.
- debian/patches/CVE-2021-3737_test-fix.patch: improves the regression
test in Lib/test/test_httplib.py
- CVE-2021-3737
Date: 2021-12-09 15:31:25.667927+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
Maintainer: Matthias Klose <doko at ubuntu.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.6
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list