UbuntuUpdates.org

Package "python3.8"

Name: python3.8

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • IDE for Python (v3.8) using Tkinter
  • Testsuite for the Python standard library (v3.8)
  • Python Interpreter with complete class library (version 3.8)
  • Interactive high-level object-oriented language (pyvenv binary, version 3.8)
Latest version: 3.8.10-0ubuntu1~20.04.18
Release: focal (20.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "python3.8" in Focal

Repository Area Version
base universe 3.8.2-1ubuntu1
base main 3.8.2-1ubuntu1
security main 3.8.10-0ubuntu1~20.04.18
updates main 3.8.10-0ubuntu1~20.04.18
updates universe 3.8.10-0ubuntu1~20.04.18

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.8.10-0ubuntu1~20.04.18 2025-03-25 00:06:54 UTC

  python3.8 (3.8.10-0ubuntu1~20.04.18) focal-security; urgency=medium

  * SECURITY UPDATE: urlparse does not flag hostname with square brackets
    as incorrect
    - debian/patches/CVE-2025-0938-pre1.patch: Removed.
    - debian/patches/CVE-2025-0938-pre2.patch: Removed.
    - debian/patches/add-support-for-scoped-IPv6-addresses.patch: Add
      support for scoped IPv6 addresses.
    - debian/patches/CVE-2025-0938.patch: Updated.
    - CVE-2025-0938

 -- Fabian Toepfer <email address hidden> Tue, 18 Mar 2025 21:04:55 +0100
Source diff to previous version
CVE-2025-0938 The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid ac

Version: 3.8.10-0ubuntu1~20.04.17 2025-03-18 04:06:48 UTC

  python3.8 (3.8.10-0ubuntu1~20.04.17) focal-security; urgency=medium

  * SECURITY REGRESSION: IPv6 parsing issue (LP: #2103454)
    - debian/patches/CVE-2025-0938*.patch: Disable patches until further
      investigation

 -- Marc Deslauriers <email address hidden> Mon, 17 Mar 2025 15:35:05 -0400
Source diff to previous version
2103454 3.8.10-0ubuntu1~20.04.16 broke IPv6 zone parsing
CVE-2025-0938 The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid ac

Version: 3.8.10-0ubuntu1~20.04.16 2025-03-12 18:06:58 UTC

  python3.8 (3.8.10-0ubuntu1~20.04.16) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect quoting in venv module
    - debian/patches/CVE-2024-9287.patch: Updated to fix additional
      quotes in activation scripts Lib/venv/scripts/common/activate,
      Lib/venv/scripts/posix/activate.csh, and
      Lib/venv/scripts/posix/activate.fish.
    - CVE-2024-9287
  * SECURITY UPDATE: urlparse does not flag hostname with square brackets
    as incorrect
    - debian/patches/CVE-2025-0938-pre1.patch: Remove urlsplit()
      optimization for 'http' prefixed inputs.
    - debian/patches/CVE-2025-0938-pre2.patch: Fix urlparse() with numeric
      paths.
    - debian/patches/CVE-2025-0938.patch: Refreshed. It has together with
      the pre patches the intended effect now.
    - CVE-2025-0938

 -- Fabian Toepfer <email address hidden> Tue, 11 Mar 2025 18:45:31 +0100
Source diff to previous version
CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted pro
CVE-2025-0938 The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid ac

Version: 3.8.10-0ubuntu1~20.04.15 2025-02-20 23:07:12 UTC

  python3.8 (3.8.10-0ubuntu1~20.04.15) focal-security; urgency=medium

  * SECURITY UPDATE: urlparse does not flag hostname with square brackets
    as incorrect
    - debian/patches/CVE-2025-0938.patch: disallow square brackets in
      domain names for parsed URLs in Lib/test/test_urlparse.py,
      Lib/urllib/parse.py.
    - CVE-2025-0938

 -- Marc Deslauriers <email address hidden> Tue, 04 Feb 2025 10:02:54 -0500
Source diff to previous version
CVE-2025-0938 The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid ac

Version: 3.8.10-0ubuntu1~20.04.14 2025-01-20 18:07:49 UTC

  python3.8 (3.8.10-0ubuntu1~20.04.14) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect validation of bracketed hosts
    - debian/patches/CVE-2024-11168.patch: add checks to ensure that
      bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in
      Lib/urllib/parse.py, Lib/test/test_urlparse.py.
    - CVE-2024-11168

 -- Marc Deslauriers <email address hidden> Fri, 17 Jan 2025 09:40:23 -0500
CVE-2024-11168 The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This


About   -   Send Feedback to @ubuntu_updates