python3.7 3.7.5-2ubuntu1~18.04.2 source package in Ubuntu

Changelog

python3.7 (3.7.5-2ubuntu1~18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Regular Expression Denial of Service
    - debian/patches/CVE-2020-8492.patch: updates a regular expression in the
      urllib.request.AbsatrctBasicAuthHandler class which allows for
      catastrophic backtracking and could result in a Denial of Service
      condition.
    - CVE-2020-8492
  * SECURITY UPDATE: Regular Expression Denial of Service
    - debian/patches/CVE-2021-3733.patch: updates a regular expression in the
      urllib.request.AbstractBasicAuthHandler class which has a quadratic
      worst-case time complexity and could be abused by a malicious HTTP
      server to cause a Denial of Service condition for a client.
    - CVE-2021-3733
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2021-3737.patch: addresses the potential for the
      urllib http client to enter into an infinite loop and hang on a 100
      Continue response from a malicious server.
    - debian/patches/CVE-2021-3737_test-fix.patch: improves the regression
      test in Lib/test/test_httplib.py
    - CVE-2021-3737

 -- Ian Constantin <email address hidden>  Thu, 09 Dec 2021 12:04:37 -0500

Upload details

Uploaded by:
Ian Constantin
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates universe misc
Bionic security universe misc

Downloads

File Size SHA-256 Checksum
python3.7_3.7.5.orig.tar.xz 16.4 MiB e85a76ea9f3d6c485ec1780fca4e500725a4a7bbc63c78ebc44170de9b619d94
python3.7_3.7.5-2ubuntu1~18.04.2.debian.tar.xz 211.1 KiB d7637c5da7c0e8d5aea3a5cb36051cfd372a5149082153dcc0398da21d5263c7
python3.7_3.7.5-2ubuntu1~18.04.2.dsc 3.3 KiB dbc0b3215b414936014c7df5ba1399d72cdf6ae62c289508afae1215e6efbaa0

View changes file

Binary packages built by this source

idle-python3.7: IDE for Python (v3.7) using Tkinter

 IDLE is an Integrated Development Environment for Python (v3.7).
 IDLE is written using Tkinter and therefore quite platform-independent.

libpython3.7: Shared Python runtime library (version 3.7)

 Python is a high-level, interactive, object-oriented language. Its 3.7 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains the shared runtime library, normally not needed
 for programs using the statically linked interpreter.

libpython3.7-dbg: Debug Build of the Python Interpreter (version 3.7)

 The package holds two things:
 .
 - Extensions for a Python interpreter configured with --pydebug.
 - Debug information for standard python extensions.
 .
 See the README.debug for more information.

libpython3.7-dev: Header files and a static library for Python (v3.7)

 Header files, a static library and development tools for building
 Python (v3.7) modules, extending the Python interpreter or embedding
 Python (v3.7) in applications.
 .
 Maintainers of Python packages should read README.maintainers.
 .
 This package contains development files. It is normally not
 used on it's own, but as a dependency of python3.7-dev.

libpython3.7-minimal: Minimal subset of the Python language (version 3.7)

 This package contains some essential modules. It is normally not
 used on it's own, but as a dependency of python3.7-minimal.

libpython3.7-stdlib: Interactive high-level object-oriented language (standard library, version 3.7)

 Python is a high-level, interactive, object-oriented language. Its 3.7 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains Python 3.7's standard library. It is normally not
 used on its own, but as a dependency of python3.7.

libpython3.7-testsuite: Testsuite for the Python standard library (v3.7)

 The complete testsuite for the Python standard library. Note that
 a subset is found in the libpython3.7-stdlib package, which should
 be enough for other packages to use (please do not build-depend
 on this package, but file a bug report to include additional
 testsuite files in the libpython3.7-stdlib package).

python3.7: Interactive high-level object-oriented language (version 3.7)

 Python is a high-level, interactive, object-oriented language. Its 3.7 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.

python3.7-dbg: Debug Build of the Python Interpreter (version 3.7)

 The package holds two things:
 .
 - A Python interpreter configured with --pydebug. Dynamically loaded modules
   are searched as <foo>_d.so first. Third party extensions need a separate
   build to be used by this interpreter.
 - Debug information for standard python interpreter and extensions.
 .
 See the README.debug for more information.

python3.7-dev: Header files and a static library for Python (v3.7)

 Header files, a static library and development tools for building
 Python (v3.7) modules, extending the Python interpreter or embedding
 Python (v3.7) in applications.
 .
 Maintainers of Python packages should read README.maintainers.

python3.7-doc: Documentation for the high-level object-oriented language Python (v3.7)

 These is the official set of documentation for the interactive high-level
 object-oriented language Python (v3.7). All documents are provided
 in HTML format. The package consists of ten documents:
 .
   * What's New in Python3.7
   * Tutorial
   * Python Library Reference
   * Macintosh Module Reference
   * Python Language Reference
   * Extending and Embedding Python
   * Python/C API Reference
   * Installing Python Modules
   * Documenting Python
   * Distributing Python Modules

python3.7-examples: Examples for the Python language (v3.7)

 Examples, Demos and Tools for Python (v3.7). These are files included in
 the upstream Python distribution (v3.7).

python3.7-minimal: Minimal subset of the Python language (version 3.7)

 This package contains the interpreter and some essential modules. It can
 be used in the boot process for some basic tasks.
 See /usr/share/doc/python3.7-minimal/README.Debian for a list of the modules
 contained in this package.

python3.7-venv: Interactive high-level object-oriented language (pyvenv binary, version 3.7)

 Python is a high-level, interactive, object-oriented language. Its 3.7 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains the pyvenv-3.7 binary.