Package "python3.8-dev"

Name: python3.8-dev


Header files and a static library for Python (v3.8)

Latest version: 3.8.5-1~20.04.2
Release: focal (20.04)
Level: security
Repository: main
Head package: python3.8


Download "python3.8-dev"

Other versions of "python3.8-dev" in Focal

Repository Area Version
base main 3.8.2-1ubuntu1
updates main 3.8.5-1~20.04.2


Version: 3.8.5-1~20.04.2 2021-02-25 14:06:21 UTC

  python3.8 (3.8.5-1~20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: Code execution from content received via HTTP
    - debian/patches/CVE-2020-27619-3.8.patch: no longer call eval() on
      content received via HTTP in Lib/test/multibytecodec_support.py.
    - CVE-2020-27619
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2021-3177-3.8.patch: replace snprintf with Python unicode
      formatting in ctypes param reprs in Lib/ctypes/test/test_parameters.py,
    - CVE-2021-3177
  * Skipping test_idle in riscv64 arch
    - debian/rules: adding test_idle to TEST_EXCLUDES in riscv64 arch due it
      hangs in build time.

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 27 Jan 2021 12:41:15 -0300

Source diff to previous version
CVE-2020-27619 In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applic

Version: 3.8.5-1~20.04 2020-10-07 09:06:21 UTC

  python3.8 (3.8.5-1~20.04) focal-proposed; urgency=medium

  * SRU: LP: #1889218. Backport Python 3.8.5 to 20.04 LTS.

Source diff to previous version
1889218 SRU: backport Python 3.8.5 to 20.04 LTS

Version: 3.8.2-1ubuntu1.2 2020-07-22 15:06:25 UTC

  python3.8 (3.8.2-1ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2019-20907.patch: avoid infinite loop in the
      tarfile module in Lib/tarfile.py, Lib/test/test_tarfile.py and add
      Lib/test/recursion.tar binary for test.
    - CVE-2019-20907
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-14422.patch: Resolve hash collisions for
      IPv4Interface and IPv6Interface in Lib/ipaddress.py,
    - CVE-2020-14422

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 16 Jul 2020 11:00:26 -0300

Source diff to previous version
CVE-2019-20907 In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, becaus
CVE-2020-14422 Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote a

Version: 3.8.2-1ubuntu1.1 2020-04-30 13:07:08 UTC
No changelog available yet.

About   -   Send Feedback to @ubuntu_updates