Accepted python3.9 3.9.2-1+deb11u1 (source) into oldstable-security



Format: 1.8
Date: Fri, 29 Nov 2024 19:38:21 +0200
Source: python3.9
Architecture: source
Version: 3.9.2-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Changes:
 python3.9 (3.9.2-1+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2015-20107: The mailcap module did not add escape characters
     into commands discovered in the system mailcap file
   * CVE-2020-10735: Prevent DoS with very large int
   * CVE-2021-3426: Remove the pydoc getfile feature which
     could be abused to read arbitrary files on the disk
   * CVE-2021-3733: Regular Expression Denial of Service in urllib's
     AbstractBasicAuthHandler class
   * CVE-2021-3737: Infinite loop in the HTTP client code
   * CVE-2021-4189: Make ftplib not trust the PASV response
   * CVE-2021-28861: Open redirection vulnerability in http.server
   * CVE-2021-29921: Leading zeros in IPv4 addresses are no longer tolerated
   * CVE-2022-42919: Don't use Linux abstract sockets for multiprocessing
   * CVE-2022-45061: Quadratic time in the IDNA decoder
   * CVE-2023-6597: tempfile.TemporaryDirectory failure to remove dir
   * CVE-2023-24329: Strip C0 control and space chars in urlsplit
   * CVE-2023-27043: Reject malformed addresses in email.parseaddr()
   * CVE-2023-40217: ssl.SSLSocket bypass of the TLS handshake
   * CVE-2024-0397: Race condition in ssl.SSLContext
   * CVE-2024-0450: quoted-overlap zipbomb DoS
   * CVE-2024-4032: Incorrect information about private addresses
     in the ipaddress module
   * CVE-2024-6232: ReDoS when parsing tarfile headers
   * CVE-2024-6923: Encode newlines in headers in the email module
   * CVE-2024-7592: Quadratic complexity parsing cookies with backslashes
   * CVE-2024-8088: Infinite loop when iterating over zip archive entry names
   * CVE-2024-9287: venv activation scripts didn't quote paths
   * CVE-2024-11168: urllib functions improperly validated bracketed hosts
   * Fix build test failures and make them fatal.
Checksums-Sha1:
 2a1cc0fcf5146d0b86dc2c67ead8f48663628aad 3500 python3.9_3.9.2-1+deb11u1.dsc
 110ca5bca7989f9558a54ee6762e6774a4b9644a 18889164 python3.9_3.9.2.orig.tar.xz
 ae7a921a53cb3b1f9150eca29839294c019caf8a 266200 python3.9_3.9.2-1+deb11u1.debian.tar.xz
Checksums-Sha256:
 f744cc73539a897a7f885e1046addf27b66fc0f9d188dec74cfeb21dbeed5f5b 3500 python3.9_3.9.2-1+deb11u1.dsc
 3c2034c54f811448f516668dce09d24008a0716c3a794dd8639b5388cbde247d 18889164 python3.9_3.9.2.orig.tar.xz
 dddec96735163c498a50bf1fbbdf9d5ca0ba36c93d2366396a5dc78352afdf36 266200 python3.9_3.9.2-1+deb11u1.debian.tar.xz
Files:
 b2274e86a42e0147a223b8e8c00ce149 3500 python optional python3.9_3.9.2-1+deb11u1.dsc
 f0dc9000312abeb16de4eccce9a870ab 18889164 python optional python3.9_3.9.2.orig.tar.xz
 2a4d50409618f27bbe4228579a40c490 266200 python optional python3.9_3.9.2-1+deb11u1.debian.tar.xz
