Package "python3.6"

Name: python3.6


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • IDE for Python (v3.6) using Tkinter
  • Interactive high-level object-oriented language (pyvenv binary, version 3.6)

Latest version: 3.6.9-1~18.04
Release: bionic (18.04)
Level: updates
Repository: universe


Save this URL for the latest version of "python3.6": https://www.ubuntuupdates.org/python3.6

Other versions of "python3.6" in Bionic

Repository Area Version
base main 3.6.5-3
base universe 3.6.5-3
security universe 3.6.8-1~18.04.3
security main 3.6.8-1~18.04.3
updates main 3.6.9-1~18.04

Packages in group

Deleted packages are displayed in grey.


Version: 3.6.9-1~18.04 2019-11-25 14:06:31 UTC

  python3.6 (3.6.9-1~18.04) bionic-proposed; urgency=medium

  * SRU: LP: #1835738, backport 3.6.9 to 18.04.
  * Python 3.6.9 release.
  * Remove patches applied upstream:
    - CVE-2018-20852.patch
    - CVE-2019-5010.patch
    - CVE-2019-9636.patch
    - CVE-2019-9740.patch
    - CVE-2019-9948.patch
    - CVE-2019-10160-1.patch
    - CVE-2019-10160-2.patch
  * Enable the lto build on arm64.

 -- Matthias Klose <email address hidden> Thu, 07 Nov 2019 11:44:02 +0100

Source diff to previous version
CVE-2018-20852 http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be trick
CVE-2019-5010 An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 ce
CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normal
CVE-2019-9740 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker co
CVE-2019-9948 urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that
CVE-2019-10160 A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.

Version: 3.6.8-1~18.04.3 2019-10-14 17:07:16 UTC

  python3.6 (3.6.8-1~18.04.3) bionic-security; urgency=medium

  * SECURITY UPDATE: incorrect email address parsing
    - debian/patches/CVE-2019-16056.patch: don't parse domains containing @
      in Lib/email/_header_value_parser.py, Lib/email/_parseaddr.py,
    - CVE-2019-16056
  * SECURITY UPDATE: XSS in documentation XML-RPC server
    - debian/patches/CVE-2019-16935.patch: escape the server_title in
      Lib/xmlrpc/server.py, Lib/test/test_docxmlrpc.py.
    - CVE-2019-16935

 -- Marc Deslauriers <email address hidden> Mon, 07 Oct 2019 08:59:55 -0400

Source diff to previous version
CVE-2019-16056 An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses em
CVE-2019-16935 The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs

Version: 3.6.8-1~18.04.2 2019-09-09 19:07:04 UTC
No changelog available yet.
Source diff to previous version

Version: 3.6.8-1~18.04.1 2019-06-10 17:06:14 UTC

  python3.6 (3.6.8-1~18.04.1) bionic; urgency=medium

  * Rebuild with OpenSSL 1.1.1. LP: #1797386

Source diff to previous version

Version: 3.6.7-1~18.04 2018-11-19 13:06:42 UTC

  python3.6 (3.6.7-1~18.04) bionic-proposed; urgency=medium

  * SRU: LP: #1799206.

1799206 SRU: update python3.6 to the new minor release 3.6.7

About   -   Send Feedback to @ubuntu_updates