[SECURITY] [DLA 3477-1] python3.7 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3477-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
June 30, 2023 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : python3.7
Version : 3.7.3-2+deb10u5
CVE ID : CVE-2015-20107 CVE-2020-10735 CVE-2021-3426 CVE-2021-3733
CVE-2021-3737 CVE-2021-4189 CVE-2022-45061
Several vulnerabilities were fixed in the Python3 interpreter.
CVE-2015-20107
The mailcap module did not add escape characters into commands
discovered in the system mailcap file.
CVE-2020-10735
Prevent DoS with very large int.
CVE-2021-3426
Remove the pydoc getfile feature which could be abused to read
arbitrary files on the disk.
CVE-2021-3733
Regular Expression Denial of Service in urllib's AbstractBasicAuthHandler class.
CVE-2021-3737
Infinite loop in the HTTP client code.
CVE-2021-4189
Make ftplib not trust the PASV response.
CVE-2022-45061
Quadratic time in the IDNA decoder.
For Debian 10 buster, these problems have been fixed in version
3.7.3-2+deb10u5.
We recommend that you upgrade your python3.7 packages.
For the detailed security status of python3.7 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python3.7
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmSfQHAACgkQiNJCh6LY
mLFENA/9GmRVfnKG5p47RlAX2dibE+2fBguKS9U9CnvRcal/2UdxZ+viFNQfzAlH
mHpNcd3btQujxjeXba5BFiIJlVCL4osKItRuMRyfipj08W2+GQBoy/lNYbROAJ9r
HziNN0ixV9HKymcKwIpiFp7pE2wM+xMjhlITIFiojZ5VAGDncXWL40tHcjJ3hEqY
p3wDLflPqncp/Te83BooXGgkDVh1xycacrpvSRRdqgLC2cahODLy5t8WiU7jdQsI
84TPOMFvAqyH9JWGBMt+scejm912tuCkNP+BYr7jn/5wU+M+Bb2VZqlI1c9f723o
D9idXWgka0ArMaIQI3sog1PehXL/01ZUD2vFWFYIccXeCuTT3tgM/JROYGvK3Ftn
gEJiaZfr2J5Z0F8S8mcy59E9vNmIkIqD4QIjOk7/B2Wnn/WcoNs70GjybDLURD5a
JwxQrDY5kf9WgeuiTWVhwRVtfy54eXHPKWMJ5bDbT2DztxQZ2jPDeZW204SP1M+9
5uokvXfEfYyEtr6s77xfJVf2zhKLkVflokgeOjDJh3hhz/ypRXVJ9GVaYNkPnvwj
nU23kvCVCBGcGYt72dvcH1Xx5UEpAqw/IEwq1C2CRSxaz7B/SrmppeDEkE8E6ZL4
g3lmJWtuPS7iMCOucA2szaYDVuOuWxIozCaTHT4vn42LKuVWQ6k=
=we+R
-----END PGP SIGNATURE-----
Reply to: