Package "python3.6"
| Name: |
python3.6
|
Description: |
Interactive high-level object-oriented language (version 3.6)
|
| Latest version: |
3.6.9-1~18.04ubuntu1.1 |
| Release: |
bionic (18.04) |
| Level: |
updates |
| Repository: |
main |
Links
Download "python3.6"
Other versions of "python3.6" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
|
python3.6 (3.6.9-1~18.04ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: Misleading information
- debian/patches/CVE-2019-17514.patch: explain that the orderness of the
of the result is system-dependant in Doc/library/glob.rst.
- CVE-2019-17514
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-9674.patch: add pitfalls to
zipfile module doc in Doc/library/zipfile.rst,
Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst.
- CVE-2019-9674
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2019-20907.patch: avoid infinite loop in the
tarfile module in Lib/tarfile.py, Lib/test/test_tarfile.py and add
Lib/test/recursion.tar binary for test.
- CVE-2019-20907
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-14422.patch: Resolve hash collisions for
IPv4Interface and IPv6Interface in Lib/ipaddress.py,
Lib/test/test_ipaddress.py.
- CVE-2020-14422
-- <email address hidden> (Leonidas S. Barbosa) Fri, 17 Jul 2020 09:50:27 -0300
|
| Source diff to previous version |
| CVE-2019-17514 |
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrate |
| CVE-2019-9674 |
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. |
| CVE-2019-20907 |
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, becaus |
| CVE-2020-14422 |
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote a |
|
|
python3.6 (3.6.9-1~18.04ubuntu1) bionic-security; urgency=medium
* SECURITY UPDATE: CRLF injection
- debian/patches/CVE-2019-18348.patch: disallow control characters
in hostnames in http.client in Lib/http/client.py, Lib/test/test_urllib.py.
- CVE-2019-18348
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-8492.patch: fix the regex to prevent
the regex denial of service in Lib/urllib/request.py,
- CVE-2020-8492
-- <email address hidden> (Leonidas S. Barbosa) Fri, 17 Apr 2020 22:56:04 -0300
|
| Source diff to previous version |
| CVE-2019-18348 |
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker co |
| CVE-2020-8492 |
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular E |
|
|
python3.6 (3.6.9-1~18.04) bionic-proposed; urgency=medium
* SRU: LP: #1835738, backport 3.6.9 to 18.04.
* Python 3.6.9 release.
* Remove patches applied upstream:
- CVE-2018-20852.patch
- CVE-2019-5010.patch
- CVE-2019-9636.patch
- CVE-2019-9740.patch
- CVE-2019-9948.patch
- CVE-2019-10160-1.patch
- CVE-2019-10160-2.patch
* Enable the lto build on arm64.
-- Matthias Klose <email address hidden> Thu, 07 Nov 2019 11:44:02 +0100
|
| Source diff to previous version |
| CVE-2018-20852 |
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be trick |
| CVE-2019-5010 |
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 ce |
| CVE-2019-9636 |
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normal |
| CVE-2019-9740 |
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker co |
| CVE-2019-9948 |
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that |
| CVE-2019-10160 |
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3. |
|
|
python3.6 (3.6.8-1~18.04.3) bionic-security; urgency=medium
* SECURITY UPDATE: incorrect email address parsing
- debian/patches/CVE-2019-16056.patch: don't parse domains containing @
in Lib/email/_header_value_parser.py, Lib/email/_parseaddr.py,
Lib/test/test_email/test__header_value_parser.py,
Lib/test/test_email/test_email.py.
- CVE-2019-16056
* SECURITY UPDATE: XSS in documentation XML-RPC server
- debian/patches/CVE-2019-16935.patch: escape the server_title in
Lib/xmlrpc/server.py, Lib/test/test_docxmlrpc.py.
- CVE-2019-16935
-- Marc Deslauriers <email address hidden> Mon, 07 Oct 2019 08:59:55 -0400
|
| Source diff to previous version |
| CVE-2019-16056 |
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses em |
| CVE-2019-16935 |
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs |
|
|
No changelog available yet.
|
About
-
Send Feedback to @ubuntu_updates
