UbuntuUpdates.org

Package "idle-python3.10"

Name: idle-python3.10

Description:

IDE for Python (v3.10) using Tkinter

Latest version: 3.10.12-1~22.04.16
Release: jammy (22.04)
Level: security
Repository: universe
Head package: python3.10

Links


Download "idle-python3.10"


Other versions of "idle-python3.10" in Jammy

Repository Area Version
base universe 3.10.4-3
updates universe 3.10.12-1~22.04.16

Changelog

Version: 3.10.12-1~22.04.16 2026-07-06 14:07:55 UTC

  python3.10 (3.10.12-1~22.04.16) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect normalization in tarfile module
    - debian/patches/CVE-2025-13462.patch: Skip TarInfo DIRTYPE normalization
      during GNU long name handling in Lib/tarfile.py,
      Lib/test/test_tarfile.py.
    - CVE-2025-13462
  * SECURITY UPDATE: crash in Markdown parsing
    - debian/patches/CVE-2025-69534-1.patch: Fix comment parsing in HTMLParser
      according to the HTML5 standard in Lib/html/parser.py,
      Lib/test/test_htmlparser.py.
    - debian/patches/CVE-2025-69534-2.patch: Fix parsing start and end tags in
      HTMLParser according to the HTML5 standard in Lib/html/parser.py,
      Lib/test/support/__init__.py, Lib/test/test_htmlparser.py.
    - debian/patches/CVE-2025-69534-3.patch: Fix parsing attributes with
      whitespaces around the "=" separator in HTMLParser in Lib/html/parser.py,
      Lib/test/test_htmlparser.py.
    - debian/patches/CVE-2025-69534-4.patch: Fix support of elements "textarea"
      and "title" in HTMLParser in Lib/html/parser.py,
      Lib/test/test_htmlparser.py.
    - debian/patches/CVE-2025-69534-5.patch: Fix CDATA section parsing in
      HTMLParser in Lib/html/parser.py, Lib/test/test_htmlparser.py.
    - debian/patches/CVE-2025-69534-6.patch: Support more RAWTEXT and PLAINTEXT
      elements in HTMLParser in Doc/library/html.parser.rst, Lib/html/parser.py,
      Lib/test/test_htmlparser.py.
    - CVE-2025-69534
  * SECURITY UPDATE: incorrect newlines quoting in email module
    - debian/patches/CVE-2026-1299.patch: email: verify headers are sound in
      BytesGenerator in Lib/email/generator.py,
      Lib/test/test_email/test_generator.py, Lib/test/test_email/test_policy.py.
    - CVE-2026-1299
  * SECURITY UPDATE:HTTP proxy via "CONNECT" tunneling doesn't sanitize CR/LF
    - debian/patches/CVE-2026-1502.patch: Reject CR/LF in HTTP tunnel request
      headers in Lib/http/client.py, Lib/test/test_httplib.py.
    - CVE-2026-1502
  * SECURITY UPDATE: missing audit event for legacy *.pyc files
    - debian/patches/CVE-2026-2297.patch: Ensure SourcelessFileLoader uses
      io.open_code in Lib/importlib/_bootstrap_external.py.
    - CVE-2026-2297
  * SECURITY UPDATE: unicodedata.normalize() can take excessive CPU time
    - debian/patches/CVE-2026-3276.patch: Fix O(n^2) canonical ordering in
      unicodedata.normalize() in Lib/test/test_unicodedata.py,
      Modules/unicodedata.c.
    - CVE-2026-3276
  * SECURITY UPDATE: Incomplete fix for CVE-2026-0672
    - debian/patches/CVE-2026-3644.patch: Reject control characters in
      http.cookies.Morsel.update() in Lib/http/cookies.py,
      Lib/test/test_http_cookies.py.
    - CVE-2026-3644
  * SECURITY UPDATE: Overflow in Expat parser
    - debian/patches/CVE-2026-4224.patch: Avoid unbound C recursion in
      conv_content_model in pyexpat.c in Lib/test/test_pyexpat.py,
      Modules/pyexpat.c.
    - CVE-2026-4224
  * SECURITY UPDATE: leading dashes used as options in webbrowser.open()
    - debian/patches/CVE-2026-4519-1.patch: Reject leading dashes in webbrowser
      URLs in Lib/test/test_webbrowser.py, Lib/webbrowser.py.
    - debian/patches/CVE-2026-4519-2.patch: Tweak the exception message and
      increase test coverage in Lib/test/test_webbrowser.py, Lib/webbrowser.py.
    - CVE-2026-4519
  * SECURITY UPDATE: Mitgation of CVE-2026-4519 was incomplete
    - debian/patches/CVE-2026-4786.patch: Fix webbrowser `%action` substitution
      bypass of dash-prefix check in Lib/test/test_webbrowser.py,
      Lib/webbrowser.py.
    - CVE-2026-4786
  * SECURITY UPDATE: insufficient escaping in http.cookies.Morsel.js_output()
    - debian/patches/CVE-2026-6019-1.patch: Base64-encode cookie values
      embedded in JS in Lib/http/cookies.py, Lib/test/test_http_cookies.py.
    - debian/patches/CVE-2026-6019-2.patch: Use `decodeURIComponent()` for
      UTF-8 support in `js_output()` in Lib/http/cookies.py,
      Lib/test/test_http_cookies.py.
    - CVE-2026-6019
  * SECURITY UPDATE: use-after-free in lzma, bz2, gzip decoders
    - debian/patches/CVE-2026-6100.patch: Fix a possible UAF in
      `{LZMA,BZ2,_Zlib}Decompressor` in Modules/_bz2module.c,
      Modules/_lzmamodule.c.
    - CVE-2026-6100
  * SECURITY UPDATE: Incomplete fix for CVE-2021-4189
    - debian/patches/CVE-2026-8328.patch: Apply CVE-2021-4189 PASV fix to
      ftplib.ftpcp() (GH-149648) (#149795) in Lib/ftplib.py,
      Lib/test/test_ftplib.py.
    - CVE-2026-8328
  * SECURITY UPDATE: bz2.BZ2Decompressor object reuse after decompression error
    - debian/patches/CVE-2026-9669.patch: Prevent bz2 decompressor reuse after
      errors in Lib/test/test_bz2.py, Modules/_bz2module.c.
    - CVE-2026-9669

 -- Marc Deslauriers <email address hidden> Mon, 22 Jun 2026 14:55:27 -0400

Source diff to previous version
CVE-2025-13462 The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE
CVE-2025-69534 Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled Assert
CVE-2026-1299 The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allow
CVE-2026-1502 CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
CVE-2026-2297 The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not
CVE-2026-3276 unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with
CVE-2026-0672 When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all contro
CVE-2026-3644 The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling
CVE-2026-4224 When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stac
CVE-2026-4519 The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behav
CVE-2026-4786 Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.
CVE-2026-6019 http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML
CVE-2026-6100 Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `M
CVE-2021-4189 ftplib should not use the host from the PASV response
CVE-2026-8328 The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV ho
CVE-2026-9669 bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same dec

Version: 3.10.12-1~22.04.15 2026-03-09 09:08:14 UTC

  python3.10 (3.10.12-1~22.04.15) jammy-security; urgency=medium

  * SECURITY REGRESSION: Revert patch for CVE-2025-15366
    - debian/patches/CVE-2025-15366.patch: Reverted. Patch breaks RFC
      9051 IMAP conformance and introduces behavior regressions avoided
      by upstream.
    - CVE-2025-15366
  * SECURITY REGRESSION: Revert patch for CVE-2025-15367
    - debian/patches/CVE-2025-15367.patch: Reverted to prevent behavior
      regressions, aligning with upstream backporting decisions.
    - CVE-2025-15367
  * SECURITY REGRESSION: Allow HTAB in wsgiref header values
    - debian/patches/CVE-2026-0865-2.patch: Permit HTAB in header values
      (excluding names) in Lib/wsgiref/headers.py, add test coverage.
    - CVE-2026-0865

 -- Vyom Yadav <email address hidden> Tue, 03 Mar 2026 17:26:32 +0530

Source diff to previous version
CVE-2025-15366 The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containi
CVE-2025-15367 The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containin
CVE-2026-0865 User-controlled header names and values containing newlines can allow injecting HTTP headers.

Version: 3.10.12-1~22.04.14 2026-02-05 19:07:49 UTC

  python3.10 (3.10.12-1~22.04.14) jammy-security; urgency=medium

  * SECURITY UPDATE: Header injection in email messages where addresses are not
    sanitized.
    - debian/patches/CVE-2025-11468.patch: Add escape parentheses and backslash
      in Lib/email/_header_value_parser.py. Add test in
      Lib/test/test_email/test__header_value_parser.py.
    - CVE-2025-11468
  * SECURITY UPDATE: Quadratic algorithm when building excessively nested XML
    documents.
    - debian/patches/CVE-2025-12084-*.patch: Remove _in_document and replace
      with node.ownerDocument in Lib/xml/dom/minidom.py. Set self.ownerDocument
      to None in Lib/xml/dom/minidom.py. Add test in Lib/test/test_minidom.py.
    - CVE-2025-12084
  * SECURITY UPDATE: OOM and denial of service when opening malicious plist
    file.
    - debian/patches/CVE-2025-13837.patch: Add _MIN_READ_BUF_SIZE and _read
      with checks in Lib/plistlib.py. Add test in Lib/test/test_plistlib.py.
    - CVE-2025-13837
  * SECURITY UPDATE: Header injection in user controlled data URLs in urllib.
    - debian/patches/CVE-2025-15282.patch: Add control character checks in
      Lib/urllib/request.py. Add test in Lib/test/test_urllib.py.
  * SECURITY UPDATE: Command injection through user controlled commands in
    imaplib.
    - debian/patches/CVE-2025-15366.patch: Add _control_chars and checks in
      Lib/imaplib.py. Add test in Lib/test/test_imaplib.py.
  * SECURITY UPDATE: Command injection through user controlled commands in
    poplib.
    - debian/patches/CVE-2025-15367.patch: Add control character regex check
      in Lib/poplib.py. Add test in Lib/test/test_poplib.py.
    - CVE-2025-15367
  * SECURITY UPDATE: HTTP header injection in user controlled cookie values.
    - debian/patches/CVE-2026-0672.patch: Add _control_characters_re and
      checks in Lib/http/cookies.py. Add test in Lib/test/test_http_cookies.py.
    - CVE-2026-0672
  * SECURITY UPDATE: HTTP header injection in user controlled headers and
    values with newlines.
    - debian/patches/CVE-2026-0865.patch: Add _control_chars_re and check in
      Lib/wsgiref/headers.py. Add test in Lib/test/support/__init__.py and
      Lib/test/test_wsgiref.py.
    - CVE-2026-0865

 -- Hlib Korzhynskyy <email address hidden> Mon, 26 Jan 2026 11:25:28 -0330

Source diff to previous version
CVE-2025-11468 When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be us
CVE-2025-12084 When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadra
CVE-2025-13837 When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
CVE-2025-15282 User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
CVE-2025-15366 The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containi
CVE-2025-15367 The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containin
CVE-2026-0672 When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all contro
CVE-2026-0865 User-controlled header names and values containing newlines can allow injecting HTTP headers.

Version: 3.10.12-1~22.04.13 2026-01-12 09:07:45 UTC

  python3.10 (3.10.12-1~22.04.13) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP Content-Length denial of service
    - debian/patches/CVE-2025-13836.patch: Read large data in chunks with
      geometric reads in Lib/http/client.py and add tests in
      Lib/test/test_httplib.py
    - CVE-2025-13836

 -- Vyom Yadav <email address hidden> Thu, 08 Jan 2026 12:22:19 +0530

Source diff to previous version
CVE-2025-13836 When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malici

Version: 3.10.12-1~22.04.12 2025-11-24 20:07:52 UTC

  python3.10 (3.10.12-1~22.04.12) jammy-security; urgency=medium

  * SECURITY UPDATE: Possible payload obfuscation
    - debian/patches/CVE-2025-8291.patch: check consistency of
      the zip64 end of central dir record in Lib/zipfile.py,
      Lib/test/test_zipfile.py.
    - CVE-2025-8291
  * SECURITY UPDATE: Performance degradation
    - debian/patches/CVE-2025-6075.patch: fix quadratic complexity
      in os.path.expandvars() in Lib/ntpatch.py, Lib/posixpath.py,
      Lib/test/test_genericpatch.py, Lib/test/test_npath.py.
    - CVE-2025-6075

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 04 Nov 2025 05:48:33 -0300

CVE-2025-8291 The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locat
CVE-2025-6075 If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.



About   -   Send Feedback to @ubuntu_updates