UbuntuUpdates.org

Package "python3.4"

Name: python3.4

Description: Interactive high-level object-oriented language (version 3.4)

Latest version: 3.4.3-1ubuntu1~14.04.7
Release: trusty (14.04)
Level: updates
Repository: main

Other versions of "python3.4" in Trusty

Repository  Area  Version
base        main  3.4.0-2ubuntu1
security    main  3.4.3-1ubuntu1~14.04.7

Changelog

Version: 3.4.3-1ubuntu1~14.04.7 2018-11-13 17:07:15 UTC

  python3.4 (3.4.3-1ubuntu1~14.04.7) trusty-security; urgency=medium

  * SECURITY UPDATE: command injection in shutil module
    - debian/patches/CVE-2018-1000802.patch: use subprocess rather than
      distutils.spawn in Lib/shutil.py.
    - CVE-2018-1000802
  * SECURITY UPDATE: DoS via catastrophic backtracking
    - debian/patches/CVE-2018-106x.patch: fix expressions in
      Lib/difflib.py, Lib/poplib.py. Added tests to
      Lib/test/test_difflib.py, Lib/test/test_poplib.py.
    - CVE-2018-1060
    - CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
    - debian/patches/CVE-2018-14647.patch: call SetHashSalt in
      Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
    - CVE-2018-14647

 -- Marc Deslauriers <email address hidden> Mon, 12 Nov 2018 09:06:13 -0500

CVE-2018-1000802 Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command In
CVE-2018-1060 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacke
CVE-2018-1061 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An
CVE-2018-14647 Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service

Version: 3.4.3-1ubuntu1~14.04.6 2017-11-29 01:06:43 UTC

  python3.4 (3.4.3-1ubuntu1~14.04.6) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in the PyBytes_DecodeEscape
    function
    - debian/patches/CVE-2017-1000158.patch: fix this integer overflow
      in Objects/bytesobject.c.
    - CVE-2017-1000158

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 23 Nov 2017 12:42:11 -0300

Version: 3.4.3-1ubuntu1~14.04.5 2016-11-22 20:06:47 UTC

  python3.4 (3.4.3-1ubuntu1~14.04.5) trusty-security; urgency=medium

  * SECURITY UPDATE: StartTLS stripping attack
    - debian/patches/CVE-2016-0772.patch: raise an error when
      STARTTLS fails in Lib/smtplib.py.
    - CVE-2016-0772
  * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
    scripts (aka HTTPOXY attack)
    - debian/patches/CVE-2016-1000110.patch: if running as CGI
      script, forget HTTP_PROXY in Lib/urllib.py, add test to
      Lib/test/test_urllib.py, add documentation.
    - CVE-2016-1000110
  * SECURITY UPDATE: Integer overflow when handling zipfiles
    - debian/patches/CVE-2016-5636-pre.patch: check for negative size in
      Modules/zipimport.c
    - debian/patches/CVE-2016-5636.patch: check for too large value in
      Modules/zipimport.c
    - CVE-2016-5636
  * SECURITY UPDATE: CRLF injection vulnerability in the
    HTTPConnection.putheader
    - debian/patches/CVE-2016-5699.patch: disallow newlines in
      putheader() arguments when not followed by spaces or tabs in
      Lib/httplib.py, add tests in Lib/test/test_httplib.py
    - CVE-2016-5699

 -- Steve Beattie <email address hidden> Wed, 16 Nov 2016 12:38:40 -0800

CVE-2016-0772 The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, whi
CVE-2016-5636 Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remot
CVE-2016-5699 CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.

Version: 3.4.3-1ubuntu1~14.04.4 2016-09-22 17:06:37 UTC

  python3.4 (3.4.3-1ubuntu1~14.04.4) trusty-proposed; urgency=medium

  * SRU: LP: #1620754: Fix invalid code in pyhash/siphash24. Issue #28055.

 -- Matthias Klose <email address hidden> Sat, 10 Sep 2016 10:26:44 +0200

1620754 hash(datetime.datetime(...)) fails with python3.5 on armhf (on an arm64 host) with a bus error

Version: 3.4.3-1ubuntu1~14.04.3 2015-10-20 05:06:44 UTC

  python3.4 (3.4.3-1ubuntu1~14.04.3) trusty; urgency=medium

  * Remove the config file from the package, as there is no handling in
    place to deal with this config file on upgrade and it is not appropriate
    for inclusion in an urgent SRU.

 -- Steve Langasek Wed, 14 Oct 2015 12:52:19 -0700
