Package "python3.10-full"
| Name: |
python3.10-full
|
Description: |
Python Interpreter with complete class library (version 3.10)
|
| Latest version: |
3.10.12-1~22.04.15 |
| Release: |
jammy (22.04) |
| Level: |
updates |
| Repository: |
universe |
| Head package: |
python3.10 |
Links
Download "python3.10-full"
Other versions of "python3.10-full" in Jammy
Changelog
|
python3.10 (3.10.12-1~22.04.15) jammy-security; urgency=medium
* SECURITY REGRESSION: Revert patch for CVE-2025-15366
- debian/patches/CVE-2025-15366.patch: Reverted. Patch breaks RFC
9051 IMAP conformance and introduces behavior regressions avoided
by upstream.
- CVE-2025-15366
* SECURITY REGRESSION: Revert patch for CVE-2025-15367
- debian/patches/CVE-2025-15367.patch: Reverted to prevent behavior
regressions, aligning with upstream backporting decisions.
- CVE-2025-15367
* SECURITY REGRESSION: Allow HTAB in wsgiref header values
- debian/patches/CVE-2026-0865-2.patch: Permit HTAB in header values
(excluding names) in Lib/wsgiref/headers.py, add test coverage.
- CVE-2026-0865
-- Vyom Yadav <email address hidden> Tue, 03 Mar 2026 17:26:32 +0530
|
| Source diff to previous version |
| CVE-2025-15366 |
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containi |
| CVE-2025-15367 |
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containin |
| CVE-2026-0865 |
User-controlled header names and values containing newlines can allow injecting HTTP headers. |
|
|
python3.10 (3.10.12-1~22.04.13) jammy-security; urgency=medium
* SECURITY UPDATE: HTTP Content-Length denial of service
- debian/patches/CVE-2025-13836.patch: Read large data in chunks with
geometric reads in Lib/http/client.py and add tests in
Lib/test/test_httplib.py
- CVE-2025-13836
-- Vyom Yadav <email address hidden> Thu, 08 Jan 2026 12:22:19 +0530
|
| Source diff to previous version |
| CVE-2025-13836 |
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malici |
|
|
python3.10 (3.10.12-1~22.04.12) jammy-security; urgency=medium
* SECURITY UPDATE: Possible payload obfuscation
- debian/patches/CVE-2025-8291.patch: check consistency of
the zip64 end of central dir record in Lib/zipfile.py,
Lib/test/test_zipfile.py.
- CVE-2025-8291
* SECURITY UPDATE: Performance degradation
- debian/patches/CVE-2025-6075.patch: fix quadratic complexity
in os.path.expandvars() in Lib/ntpatch.py, Lib/posixpath.py,
Lib/test/test_genericpatch.py, Lib/test/test_npath.py.
- CVE-2025-6075
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 04 Nov 2025 05:48:33 -0300
|
| Source diff to previous version |
| CVE-2025-8291 |
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locat |
| CVE-2025-6075 |
If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. |
|
|
python3.10 (3.10.12-1~22.04.11) jammy-security; urgency=medium
* SECURITY UPDATE: Regular expression denial of service.
- debian/patches/CVE-2025-6069.patch: Improve regex parsing in
Lib/html/parser.py.
- CVE-2025-6069
* SECURITY UPDATE: Infinite loop when parsing tar archives.
- debian/patches/CVE-2025-8194.patch: Raise exception when count < 0 in
Lib/tarfile.py.
- CVE-2025-8194
-- Hlib Korzhynskyy <email address hidden> Fri, 15 Aug 2025 12:02:43 -0230
|
| CVE-2025-6069 |
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplifie |
| CVE-2025-8194 |
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process |
|
About
-
Send Feedback to @ubuntu_updates
