Package "python3.4-dev"
Name: |
python3.4-dev
|
Description: |
Header files and a static library for Python (v3.4)
|
Latest version: |
3.4.3-1ubuntu1~14.04.7 |
Release: |
trusty (14.04) |
Level: |
updates |
Repository: |
main |
Head package: |
python3.4 |
Links
Download "python3.4-dev"
Other versions of "python3.4-dev" in Trusty
Changelog
python3.4 (3.4.3-1ubuntu1~14.04.7) trusty-security; urgency=medium
* SECURITY UPDATE: command injection in shutil module
- debian/patches/CVE-2018-1000802.patch: use subprocess rather than
distutils.spawn in Lib/shutil.py.
- CVE-2018-1000802
* SECURITY UPDATE: DoS via catastrophic backtracking
- debian/patches/CVE-2018-106x.patch: fix expressions in
Lib/difflib.py, Lib/poplib.py. Added tests to
Lib/test/test_difflib.py, Lib/test/test_poplib.py.
- CVE-2018-1060
- CVE-2018-1061
* SECURITY UPDATE: incorrect Expat hash salt initialization
- debian/patches/CVE-2018-14647.patch: call SetHashSalt in
Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
- CVE-2018-14647
-- Marc Deslauriers <email address hidden> Mon, 12 Nov 2018 09:06:13 -0500
|
Source diff to previous version |
CVE-2018-1000802 |
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command In |
CVE-2018-1060 |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacke |
CVE-2018-1061 |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An |
CVE-2018-14647 |
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service |
|
python3.4 (3.4.3-1ubuntu1~14.04.6) trusty-security; urgency=medium
* SECURITY UPDATE: integer overflow in the PyBytes_DecodeEscape
function
- debian/patches/CVE-2017-1000158.patch: fix this integer overflow
in Objects/bytesobject.c.
- CVE-2017-1000158
-- <email address hidden> (Leonidas S. Barbosa) Thu, 23 Nov 2017 12:42:11 -0300
|
Source diff to previous version |
python3.4 (3.4.3-1ubuntu1~14.04.5) trusty-security; urgency=medium
* SECURITY UPDATE: StartTLS stripping attack
- debian/patches/CVE-2016-0772.patch: raise an error when
STARTTLS fails in Lib/smtplib.py.
- CVE-2016-0772
* SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
scripts (aka HTTPOXY attack)
- debian/patches/CVE-2016-1000110.patch: if running as CGI
script, forget HTTP_PROXY in Lib/urllib.py, add test to
Lib/test/test_urllib.py, add documentation.
- CVE-2016-1000110
* SECURITY UPDATE: Integer overflow when handling zipfiles
- debian/patches/CVE-2016-5636-pre.patch: check for negative size in
Modules/zipimport.c
- debian/patches/CVE-2016-5636.patch: check for too large value in
Modules/zipimport.c
- CVE-2016-5636
* SECURITY UPDATE: CRLF injection vulnerability in the
HTTPConnection.putheader
- debian/patches/CVE-2016-5699.patch: disallow newlines in
putheader() arguments when not followed by spaces or tabs in
Lib/httplib.py, add tests in Lib/test/test_httplib.py
- CVE-2016-5699
-- Steve Beattie <email address hidden> Wed, 16 Nov 2016 12:38:40 -0800
|
Source diff to previous version |
CVE-2016-0772 |
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, whi |
CVE-2016-1000 |
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202. |
CVE-2016-5636 |
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remot |
CVE-2016-5699 |
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4. |
|
python3.4 (3.4.3-1ubuntu1~14.04.4) trusty-proposed; urgency=medium
* SRU: LP: #1620754: Fix invalid code in pyhash/siphash24. Issue #28055.
-- Matthias Klose <email address hidden> Sat, 10 Sep 2016 10:26:44 +0200
|
Source diff to previous version |
1620754 |
hash(datetime.datetime(...)) fails with python3.5 on armhf (on an arm64 host) with a bus error |
|
python3.4 (3.4.3-1ubuntu1~14.04.3) trusty; urgency=medium
* Remove the config file from the package, as there is no handling in
place to deal with this config file on upgrade and it is not appropriate
for inclusion in an urgent SRU.
-- Steve Langasek Wed, 14 Oct 2015 12:52:19 -0700
|
About
-
Send Feedback to @ubuntu_updates