Package "python3.6"
Name: python3.6
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- IDE for Python (v3.6) using Tkinter
- Interactive high-level object-oriented language (pyvenv binary, version 3.6)
Latest version: 3.6.9-1~18.04ubuntu1.9
Release: bionic (18.04)
Level: updates
Repository: universe
Changelog
python3.6 (3.6.9-1~18.04ubuntu1.9) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2022-45061.patch: fix quadratic time idna decoding
in Lib/encodings/idna.py, Lib/test/test_codecs.py.
- CVE-2022-45061
-- Leonidas Da Silva Barbosa <email address hidden> Fri, 25 Nov 2022 11:10:45 -0300

CVE-2022-45061
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3

python3.6 (3.6.9-1~18.04ubuntu1.8) bionic-security; urgency=medium
* SECURITY UPDATE: Injection Attack
- debian/patches/CVE-2015-20107.patch: Make mailcap refuse to match unsafe
filenames/types/param in Lib/mailcap.py, Lib/test/test_mailcap.py.
- CVE-2015-20107
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 29 Jun 2022 08:45:57 -0300

CVE-2015-20107
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This m

python3.6 (3.6.9-1~18.04ubuntu1.7) bionic-security; urgency=medium
* SECURITY UPDATE: Expose sensitive information
- debian/patches/CVE-2021-3426.patch: remove pydoc getfile feature
in Lib/pydoc.py, Lib/test/test_pydoc.py.
- CVE-2021-3426
* SECURITY UPDATE: Expose sensitive information
- debian/patches/CVE-2021-4189.patch: alters ftplib.FTP class
behavior to not trust the IPv4 address sent from the remote
server when setting up a passive data channel in
response in Lib/ftplib.py, Lib/test/test_ftplib.py.
- CVE-2021-4189
* SECURITY UPDATE: Injection Attack
- debian/patches/CVE-2022-0391.patch: sanitize urls in urllib.parse
when containing ASCII newline and tabs in
Doc/library/urllib.parse.rst, Lib/test/test_urlparse.py,
Lib/urllib/parse.py.
- CVE-2022-0391
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 15 Mar 2022 10:55:28 -0300

CVE-2021-3426
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc
CVE-2021-4189
ftplib should not use the host from the PASV response
CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into componen

python3.6 (3.6.9-1~18.04ubuntu1.6) bionic-security; urgency=medium
* SECURITY UPDATE: Regular Expression Denial of Service
- debian/patches/CVE-2021-3733.patch: updates a regular expression in the
urllib.request.AbstractBasicAuthHandler class which has a quadratic
worst-case time complexity and could be abused by a malicious HTTP
server to cause a Denial of Service condition for a client.
- CVE-2021-3733
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2021-3737.patch: addresses the potential for the
urllib http client to enter into an infinite loop and hang on a 100
Continue response from a malicious server.
- debian/patches/CVE-2021-3737_test-fix.patch: improves the regression
test in Lib/test/test_httplib.py
- CVE-2021-3737
-- Ian Constantin <email address hidden> Wed, 08 Dec 2021 16:08:43 -0500

CVE-2021-3733
Denial of service when identifying crafted invalid RFCs
CVE-2021-3737
client can enter an infinite loop on a 100 Continue response from the server

python3.6 (3.6.9-1~18.04ubuntu1.4) bionic-security; urgency=medium
* SECURITY UPDATE: Code execution from content received via HTTP
- debian/patches/CVE-2020-27619-3.6.patch: no longer call eval() on
content received via HTTP in Lib/test/multibytecodec_support.py.
- CVE-2020-27619
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2021-3177-3.6.patch: replace snprintf with Python unicode
formatting in ctypes param reprs in Lib/ctypes/test/test_parameters.py,
Modules/_ctypes/callproc.c.
- CVE-2021-3177
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 26 Jan 2021 12:33:00 -0300

CVE-2020-27619
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2021-3177
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applic