Package "libpython3.10-dbg"

  python3.10 (3.10.7-1ubuntu0.4) kinetic-security; urgency=medium

  * SECURITY UPDATE: Possible Bypass Blocklisting
    - debian/patches/CVE-2023-24329-2.patch: adds a complementary patch/fix
      for CVE-2023-24329 that was partially fixed before. This patch starts
      stripping C0 control and space chars in 'urlsplit' in Lib/urllib/parse.py,
      Lib/test/test_urlparse.py.
    - CVE-2023-24329

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 29 May 2023 10:51:48 -0300

  python3.10 (3.10.7-1ubuntu0.3) kinetic-security; urgency=medium

  * SECURITY UPDATE: Possible Bypass Blocklisting
    - debian/patches/CVE-2023-24329.patch: enforce
      that a scheme must begin with an alphabetical ASCII character
      in Lib/urllib/parse.py, Lib/test/test_urlparse.py.
    - CVE-2023-24329

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 10 Mar 2023 07:47:39 -0300

  python3.10 (3.10.7-1ubuntu0.2) kinetic-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2022-37454.patch: fixes buffer overflow in
      Modules/_sha3/kcp/KeccakSponge.inc (LP: #1995197).
    - CVE-2022-37454
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-45061.patch: fix quadratic time idna decoding
      in Lib/encodings/idna.py, Lib/test/test_codecs.py.
    - CVE-2022-45061

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 24 Nov 2022 16:45:47 -0300

  python3.10 (3.10.7-1ubuntu0.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via multiprocessing forkserver
    start method
    - debian/patches/CVE-2022-42919.patch: don't use Linux abstract sockets
      in Lib/multiprocessing/connection.py.
    - CVE-2022-42919

 -- Marc Deslauriers <email address hidden> Wed, 02 Nov 2022 14:49:29 -0400