UbuntuUpdates.org

Package "python3.12-examples"

Name: python3.12-examples

Description:

Examples for the Python language (v3.12)

Latest version: 3.12.3-1ubuntu0.8
Release: noble (24.04)
Level: security
Repository: main
Head package: python3.12

Other versions of "python3.12-examples" in Noble

Repository Area Version
base main 3.12.3-1
updates main 3.12.3-1ubuntu0.8

Changelog

Version: 3.12.3-1ubuntu0.8 2025-08-21 23:26:02 UTC

  python3.12 (3.12.3-1ubuntu0.8) noble-security; urgency=medium

  * SECURITY UPDATE: Regular expression denial of service.
    - debian/patches/CVE-2025-6069.patch: Improve regex parsing in
      Lib/html/parser.py.
    - CVE-2025-6069
  * SECURITY UPDATE: Infinite loop when parsing tar archives.
    - debian/patches/CVE-2025-8194.patch: Raise exception when count < 0 in
      Lib/tarfile.py.
    - CVE-2025-8194

 -- Hlib Korzhynskyy <email address hidden> Thu, 14 Aug 2025 15:17:21 -0230

CVE-2025-6069 The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplifie
CVE-2025-8194 There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process

Version: 3.12.3-1ubuntu0.7 2025-06-19 17:11:30 UTC

  python3.12 (3.12.3-1ubuntu0.7) noble-security; urgency=medium

  * SECURITY UPDATE: Arbitrary filesystem and metadata write through improper
    tar filtering.
    - debian/patches/CVE-202x-12718-4138-4x3x-4517.patch: Add ALLOW_MISSING in
      ./Lib/genericpath.py, ./Lib/ntpath.py, ./Lib/posixpath.py. Change filter
      to handle errors in ./Lib/ntpath.py, ./Lib/posixpath.py. Add checks and
      unfiltered to ./Lib/tarfile.py. Modify tests.
    - CVE-2024-12718
    - CVE-2025-4138
    - CVE-2025-4330
    - CVE-2025-4435
    - CVE-2025-4517

 -- Hlib Korzhynskyy <email address hidden> Wed, 18 Jun 2025 15:29:45 -0230

CVE-2024-12718 Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extrac
CVE-2025-4138 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me
CVE-2025-4330 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me
CVE-2025-4435 When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extrac
CVE-2025-4517 Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if

Version: 3.12.3-1ubuntu0.6 2025-06-16 14:07:05 UTC

  python3.12 (3.12.3-1ubuntu0.6) noble-security; urgency=medium

  * SECURITY UPDATE: incorrect address list folding
    - debian/patches/CVE-2025-1795-2.patch: fix AttributeError in the email
      module in Lib/email/_header_value_parser.py,
      Lib/test/test_email/test__header_value_parser.py.
    - CVE-2025-1795
  * SECURITY UPDATE: DoS via bytes.decode with unicode_escape
    - debian/patches/CVE-2025-4516.patch: fix use-after-free in the
      unicode-escape decoder with an error handler in
      Include/cpython/bytesobject.h, Include/cpython/unicodeobject.h,
      Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py,
      Objects/bytesobject.c, Objects/unicodeobject.c,
      Parser/string_parser.c.
    - CVE-2025-4516

 -- Marc Deslauriers <email address hidden> Mon, 26 May 2025 14:50:19 -0400

CVE-2025-1795 During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is a
CVE-2025-4516 There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding

Version: 3.12.3-1ubuntu0.5 2025-02-20 23:07:28 UTC

  python3.12 (3.12.3-1ubuntu0.5) noble-security; urgency=medium

  * SECURITY UPDATE: urlparse does not flag hostname with square brackets
    as incorrect
    - debian/patches/CVE-2025-0938.patch: disallow square brackets in
      domain names for parsed URLs in Lib/test/test_urlparse.py,
      Lib/urllib/parse.py.
    - CVE-2025-0938

 -- Marc Deslauriers <email address hidden> Tue, 04 Feb 2025 09:48:35 -0500

CVE-2025-0938 The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid ac

Version: 3.12.3-1ubuntu0.4 2025-01-20 18:07:51 UTC

  python3.12 (3.12.3-1ubuntu0.4) noble-security; urgency=medium

  * SECURITY UPDATE: memory exhaustion issue in asyncio
    - debian/patches/CVE-2024-12254.patch: ensure to pause the protocol if
      needed in Lib/asyncio/selector_events.py,
      Lib/test/test_asyncio/test_selector_events.py.
    - CVE-2024-12254

 -- Marc Deslauriers <email address hidden> Fri, 17 Jan 2025 13:03:48 -0500

CVE-2024-12254 Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain t


