UbuntuUpdates.org

Package "python3.7"

Name: python3.7

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • IDE for Python (v3.7) using Tkinter
  • Testsuite for the Python standard library (v3.7)
  • Interactive high-level object-oriented language (pyvenv binary, version 3.7)

Latest version: 3.7.3-2ubuntu0.2
Release: disco (19.04)
Level: security
Repository: universe

Links

Save this URL for the latest version of "python3.7": https://www.ubuntuupdates.org/python3.7



Other versions of "python3.7" in Disco

Repository Area Version
base universe 3.7.3-2
base main 3.7.3-2
security main 3.7.3-2ubuntu0.2
updates main 3.7.3-2ubuntu0.2
updates universe 3.7.3-2ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.7.3-2ubuntu0.2 2019-10-09 14:08:27 UTC

  python3.7 (3.7.3-2ubuntu0.2) disco-security; urgency=medium

  * SECURITY UPDATE: incorrect email address parsing
    - debian/patches/CVE-2019-16056.patch: don't parse domains containing @
      in Lib/email/_header_value_parser.py, Lib/email/_parseaddr.py,
      Lib/test/test_email/test__header_value_parser.py,
      Lib/test/test_email/test_email.py.
    - CVE-2019-16056
  * SECURITY UPDATE: XSS in documentation XML-RPC server
    - debian/patches/CVE-2019-16935.patch: escape the server_title in
      Lib/xmlrpc/server.py, Lib/test/test_docxmlrpc.py.
    - CVE-2019-16935

 -- Marc Deslauriers <email address hidden> Mon, 07 Oct 2019 08:56:13 -0400

Source diff to previous version
CVE-2019-16056 An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses em
CVE-2019-16935 The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs

Version: 3.7.3-2ubuntu0.1 2019-09-09 19:07:07 UTC
No changelog available yet.



About   -   Send Feedback to @ubuntu_updates