[ubuntu/groovy-security] python3.8 3.8.6-1ubuntu0.2 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Thu Feb 25 12:30:46 UTC 2021


python3.8 (3.8.6-1ubuntu0.2) groovy-security; urgency=medium

  * SECURITY UPDATE: Code execution from content received via HTTP
    - debian/patches/CVE-2020-27619-3.8.patch: no longer call eval() on
      content received via HTTP in Lib/test/multibytecodec_support.py.
    - CVE-2020-27619
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2021-3177-3.8.patch: replace snprintf with Python unicode
      formatting in ctypes param reprs in Lib/ctypes/test/test_parameters.py,
      Modules/_ctypes/callproc.c.
    - CVE-2021-3177
  * Skipping test_idle in riscv64 arch
    - debian/rules: adding test_idle to TEST_EXCLUDES in riscv64 arch due it
      hangs in build time.

Date: 2021-02-23 11:05:25.111331+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/python3.8/3.8.6-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Groovy-changes mailing list