[ubuntu/kinetic-proposed] python-oauthlib 3.2.0-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Sep 16 14:50:14 UTC 2022


python-oauthlib (3.2.0-1ubuntu1) kinetic; urgency=medium

  * SECURITY UPDATE: DoS via malicious redirect uri
    - debian/patches/CVE-2022-36087-1.patch: add check of performance of
      ipv6 check in tests/test_uri_validate.py.
    - debian/patches/CVE-2022-36087-2.patch: fix IPV6 regex used to check
      redirect_uri in oauthlib/uri_validate.py, tests/test_uri_validate.py.
    - CVE-2022-36087

Date: Fri, 16 Sep 2022 10:26:11 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-oauthlib/3.2.0-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 16 Sep 2022 10:26:11 -0400
Source: python-oauthlib
Built-For-Profiles: noudeb
Architecture: source
Version: 3.2.0-1ubuntu1
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 python-oauthlib (3.2.0-1ubuntu1) kinetic; urgency=medium
 .
   * SECURITY UPDATE: DoS via malicious redirect uri
     - debian/patches/CVE-2022-36087-1.patch: add check of performance of
       ipv6 check in tests/test_uri_validate.py.
     - debian/patches/CVE-2022-36087-2.patch: fix IPV6 regex used to check
       redirect_uri in oauthlib/uri_validate.py, tests/test_uri_validate.py.
     - CVE-2022-36087
Checksums-Sha1:
 83f294eb732b4872551497807f6c745a3a289d0a 2302 python-oauthlib_3.2.0-1ubuntu1.dsc
 642bbf04e39416e73713a8c5f4da3566692157d9 6004 python-oauthlib_3.2.0-1ubuntu1.debian.tar.xz
 28fe3a6910f366c085559eb591419c5c57b40933 7908 python-oauthlib_3.2.0-1ubuntu1_source.buildinfo
Checksums-Sha256:
 a82d1b56455c4a0756b11c548f18729912956da0d0deecd6d58d50785cf0afe9 2302 python-oauthlib_3.2.0-1ubuntu1.dsc
 2d1039e1b3bd0eccdb8a10db606f6662518aab3a16ce7ecf5f753b58c310b3f2 6004 python-oauthlib_3.2.0-1ubuntu1.debian.tar.xz
 8bd36d25d4c58ea7ce08b1a69411eff28dcdc129a5c31934c9c70cc5b0d639a5 7908 python-oauthlib_3.2.0-1ubuntu1_source.buildinfo
Files:
 198ab3e2ed87625f75c1dfc2d23f5776 2302 python optional python-oauthlib_3.2.0-1ubuntu1.dsc
 92ac8b39433ee4c2af2d66d28bc97e3f 6004 python optional python-oauthlib_3.2.0-1ubuntu1.debian.tar.xz
 085cac75b96ff27585d10ce7b887c686 7908 python optional python-oauthlib_3.2.0-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>


More information about the kinetic-changes mailing list