UbuntuUpdates.org

Package "libpython3.8"

Name: libpython3.8

Description:

Shared Python runtime library (version 3.8)

Latest version: 3.8.0-3ubuntu1~18.04.2
Release: bionic (18.04)
Level: updates
Repository: universe
Head package: python3.8

Links


Download "libpython3.8"


Other versions of "libpython3.8" in Bionic

Repository Area Version
security universe 3.8.0-3ubuntu1~18.04.2

Changelog

Version: 3.8.0-3ubuntu1~18.04.2 2021-12-15 23:06:19 UTC

  python3.8 (3.8.0-3ubuntu1~18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Regular Expression Denial of Service
    - debian/patches/CVE-2020-8492.patch: updates a regular expression in the
      urllib.request.AbsatrctBasicAuthHandler class which allows for
      catastrophic backtracking and could result in a Denial of Service
      condition.
    - CVE-2020-8492
  * SECURITY UPDATE: Regular Expression Denial of Service
    - debian/patches/CVE-2021-3733.patch: updates a regular expression in the
      urllib.request.AbstractBasicAuthHandler class which has a quadratic
      worst-case time complexity and could be abused by a malicious HTTP
      server to cause a Denial of Service condition for a client.
    - CVE-2021-3733
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2021-3737.patch: addresses the potential for the
      urllib http client to enter into an infinite loop and hang on a 100
      Continue response from a malicious server.
    - debian/patches/CVE-2021-3737_test-fix.patch: improves the regression
      test in Lib/test/test_httplib.py
    - CVE-2021-3737

 -- Ian Constantin <email address hidden> Thu, 09 Dec 2021 12:53:27 -0500

Source diff to previous version
CVE-2020-8492 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular E
CVE-2021-3733 Denial of service when identifying crafted invalid RFCs
CVE-2021-3737 client can enter an infinite loop on a 100 Continue response from the server

Version: 3.8.0-3~18.04.1 2021-03-03 17:06:15 UTC

  python3.8 (3.8.0-3~18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Code execution from content received via HTTP
    - debian/patches/CVE-2020-27619.patch: no longer call eval() on
      content received via HTTP in Lib/test/multibytecodec_support.py.
    - CVE-2020-27619
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2021-3177.patch: replace snprintf with Python unicode
      formatting in ctypes param reprs in Lib/ctypes/test/test_parameters.py,
      Modules/_ctypes/callproc.c.
    - CVE-2021-3177

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 25 Feb 2021 22:10:10 +0000

Source diff to previous version
CVE-2020-27619 In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applic

Version: 3.8.0-3~18.04 2019-11-07 11:06:56 UTC

  python3.8 (3.8.0-3~18.04) bionic-proposed; urgency=medium

  * SRU: LP: #1835737. Backport the final Python 3.8.0 release.
  * Don't build the -doc package, outdated sphinx version in bionic.

 -- Matthias Klose <email address hidden> Mon, 28 Oct 2019 17:14:01 +0100

1835737 SRU: backport Python 3.8 to bionic



About   -   Send Feedback to @ubuntu_updates