UbuntuUpdates.org

Package "python3.5"

Name: python3.5

Description:

Interactive high-level object-oriented language (version 3.5)

Latest version: 3.5.2-2ubuntu0~16.04.9
Release: xenial (16.04)
Level: security
Repository: main

Other versions of "python3.5" in Xenial

Repository Area Version
base universe 3.5.1-10
base main 3.5.1-10
security universe 3.5.2-2ubuntu0~16.04.9
updates main 3.5.2-2ubuntu0~16.04.9
updates universe 3.5.2-2ubuntu0~16.04.9

Changelog

Version: 3.5.2-2ubuntu0~16.04.9 2019-10-09 14:08:19 UTC

  python3.5 (3.5.2-2ubuntu0~16.04.9) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect email address parsing
    - debian/patches/CVE-2019-16056.patch: don't parse domains containing @
      in Lib/email/_header_value_parser.py, Lib/email/_parseaddr.py,
      Lib/test/test_email/test__header_value_parser.py,
      Lib/test/test_email/test_email.py.
    - CVE-2019-16056
  * SECURITY UPDATE: XSS in documentation XML-RPC server
    - debian/patches/CVE-2019-16935.patch: escape the server_title in
      Lib/xmlrpc/server.py, Lib/test/test_docxmlrpc.py.
    - CVE-2019-16935
  * debian/patches/avoid_test_docxmlrpc_race.patch: avoid race in
    test_docxmlrpc server setup in Lib/test/test_docxmlrpc.py.

 -- Marc Deslauriers <email address hidden> Tue, 08 Oct 2019 09:06:37 -0400

CVE-2019-16056 An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses em
CVE-2019-16935 The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs

Version: 3.5.2-2ubuntu0~16.04.8 2019-09-09 19:06:56 UTC
No changelog available yet.

Version: 3.5.2-2ubuntu0~16.04.5 2018-11-13 17:07:22 UTC

  python3.5 (3.5.2-2ubuntu0~16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via catastrophic backtracking
    - debian/patches/CVE-2018-106x.patch: fix expressions in
      Lib/difflib.py, Lib/poplib.py. Added tests to
      Lib/test/test_difflib.py, Lib/test/test_poplib.py.
    - CVE-2018-1060
    - CVE-2018-1061
  * SECURITY UPDATE: incorrect Expat hash salt initialization
    - debian/patches/CVE-2018-14647.patch: call SetHashSalt in
      Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
    - CVE-2018-14647

 -- Marc Deslauriers <email address hidden> Mon, 12 Nov 2018 08:43:14 -0500

CVE-2018-1060 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacke
CVE-2018-1061 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An
CVE-2018-14647 Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service

Version: 3.5.2-2ubuntu0~16.04.4 2017-11-28 21:06:43 UTC

  python3.5 (3.5.2-2ubuntu0~16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in the PyBytes_DecodeEscape
    function
    - debian/patches/CVE-2017-1000158.patch: fix this integer overflow
      in Objects/bytesobject.c.
    - CVE-2017-1000158

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 23 Nov 2017 13:37:01 -0300

Version: 3.5.2-2ubuntu0~16.04.1 2016-11-22 19:06:47 UTC

  python3.5 (3.5.2-2ubuntu0~16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
    scripts (aka HTTPOXY attack)
    - debian/patches/CVE-2016-1000110.patch: if running as CGI
      script, forget HTTP_PROXY in Lib/urllib.py, add test to
      Lib/test/test_urllib.py, add documentation.
    - CVE-2016-1000110
  * NOTE: backport of 3.5.2 to Ubuntu 16.04 LTS also addresses:
    - CVE-2016-0772: StartTLS stripping attack
    - CVE-2016-5636: Integer overflow when handling zipfiles

CVE-2016-0772 The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, whi
CVE-2016-5636 Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remot


