Format: 1.8 Date: Tue, 20 Aug 2019 13:12:48 -0400 Source: python3.6 Binary: python3.6 python3.6-venv libpython3.6-stdlib python3.6-minimal libpython3.6-minimal libpython3.6 python3.6-examples python3.6-dev libpython3.6-dev libpython3.6-testsuite idle-python3.6 python3.6-doc python3.6-dbg libpython3.6-dbg Architecture: i386 Version: 3.6.8-1~18.04.2 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: idle-python3.6 - IDE for Python (v3.6) using Tkinter libpython3.6 - Shared Python runtime library (version 3.6) libpython3.6-dbg - Debug Build of the Python Interpreter (version 3.6) libpython3.6-dev - Header files and a static library for Python (v3.6) libpython3.6-minimal - Minimal subset of the Python language (version 3.6) libpython3.6-stdlib - Interactive high-level object-oriented language (standard library libpython3.6-testsuite - Testsuite for the Python standard library (v3.6) python3.6 - Interactive high-level object-oriented language (version 3.6) python3.6-dbg - Debug Build of the Python Interpreter (version 3.6) python3.6-dev - Header files and a static library for Python (v3.6) python3.6-doc - Documentation for the high-level object-oriented language Python python3.6-examples - Examples for the Python language (v3.6) python3.6-minimal - Minimal subset of the Python language (version 3.6) python3.6-venv - Interactive high-level object-oriented language (pyvenv binary, v Changes: python3.6 (3.6.8-1~18.04.2) bionic-security; urgency=medium . * SECURITY UPDATE: incorrect cookie domain check - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper subdomain validation in Lib/http/cookiejar.py, Lib/test/test_http_cookiejar.py. - CVE-2018-20852 * SECURITY UPDATE: NULL pointer dereference via X509 certificate - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py, Modules/_ssl.c. - CVE-2019-5010 * SECURITY UPDATE: improper handling of unicode encoding - debian/patches/CVE-2019-9636.patch: add check for characters in netloc that normalize to separators in Doc/library/urllib.parse.rst, Lib/test/test_urlparse.py, Lib/urllib/parse.py. - CVE-2019-9636 * SECURITY UPDATE: HTTP header injection - debian/patches/CVE-2019-9740.patch: disallow control chars in http URLs in Lib/http/client.py, Lib/test/test_urllib.py, Lib/test/test_xmlrpc.py. - CVE-2019-9740 - CVE-2019-9947 * SECURITY UPDATE: urllib support the local_file: scheme - debian/patches/CVE-2019-9948.patch: disallow file reading in Lib/urllib/request.py, Lib/test/test_urllib.py. - CVE-2019-9948 * SECURITY UPDATE: incomplete fix for CVE-2019-9636 - debian/patches/CVE-2019-10160-1.patch: fix handling of pre-normalization characters in urlsplit() in Lib/test/test_urlparse.py, Lib/urllib/parse.py. - debian/patches/CVE-2019-10160-2.patch: correct fix to handle decomposition in usernames in Lib/test/test_urlparse.py, Lib/urllib/parse.py. - CVE-2019-10160 Checksums-Sha1: a252c64c1e47887f4ba25aca4af692fab85c167c 9745872 libpython3.6-dbg_3.6.8-1~18.04.2_i386.deb 85c474a273d676db84cb1e3b4fcf3edfcba68c14 44239128 libpython3.6-dev_3.6.8-1~18.04.2_i386.deb 8f83161eb75a72080b5a102575ed595f242ee0ff 535460 libpython3.6-minimal_3.6.8-1~18.04.2_i386.deb 3933042668f5fb727ff8e7111e7e8aade286b40a 1726184 libpython3.6-stdlib_3.6.8-1~18.04.2_i386.deb 56ab00250683623c0e404486a6c8f3bd7df9e1a7 1420480 libpython3.6_3.6.8-1~18.04.2_i386.deb 7e7801aed40fa0557a59deea1b27a3d2a0a19d0f 13336408 python3.6-dbg_3.6.8-1~18.04.2_i386.deb 4ecdf7f37b5706c9054c94bfde33e19b36e3255e 508000 python3.6-dev_3.6.8-1~18.04.2_i386.deb b69e0158f1a385f72d64f3193d6434c9d3989042 1612960 python3.6-minimal_3.6.8-1~18.04.2_i386.deb 8a28c7d2ab6a7fdc35bd392d9c694e8bee5e1df1 6184 python3.6-venv_3.6.8-1~18.04.2_i386.deb 1d2890fc35101cd74597b25d3b875966f710ca7a 12294 python3.6_3.6.8-1~18.04.2_i386.buildinfo 766f21294bcb622a24017b3cc222ac3bab30d4ce 201540 python3.6_3.6.8-1~18.04.2_i386.deb Checksums-Sha256: 1ac15b15f85f30eba70b1fae46b49803a2763f78caaa5d3514f55b8c9a9fd423 9745872 libpython3.6-dbg_3.6.8-1~18.04.2_i386.deb db8e32c6af768772e269b85388ac8808a16f36d0bafdf5dd743d8d968685202c 44239128 libpython3.6-dev_3.6.8-1~18.04.2_i386.deb b2c963bc9eeb50e50826210ce8050839dd570c3d1a75d8b8a238d59f85fe718b 535460 libpython3.6-minimal_3.6.8-1~18.04.2_i386.deb a94eff3dfbcd5cebc01fdc019cf3a7d72f799905220d0cf2921553efe91dd613 1726184 libpython3.6-stdlib_3.6.8-1~18.04.2_i386.deb 8b279127a17c6b16a66be97a470e5c3fbfb6875f74060b54132a63346fdb8f2d 1420480 libpython3.6_3.6.8-1~18.04.2_i386.deb b19ac790a60eab22167506724c4d89081ac9cfa5e24c4fcbbec7d4635756e8aa 13336408 python3.6-dbg_3.6.8-1~18.04.2_i386.deb abc7910a937a28963ee61e6a246b3ef5115dc0077591213c2ef7034e4bf594b4 508000 python3.6-dev_3.6.8-1~18.04.2_i386.deb f1a0e0280009d650bdbace11b7541dda4dff3f546b1cb14269810f973f377176 1612960 python3.6-minimal_3.6.8-1~18.04.2_i386.deb bc1a38cd77967bdcd098e3357c31b9fb31a137912b5cc3308e9693432a9ae02a 6184 python3.6-venv_3.6.8-1~18.04.2_i386.deb 14fe607a5a5e212c0fc0f7df90204fa7b213683e9d3e7f2f082c64d80f8befdb 12294 python3.6_3.6.8-1~18.04.2_i386.buildinfo 4d0cfd85319f5b55b5a38a008916c3ab3ecc1a96f24fab412da5a366da0f2ca5 201540 python3.6_3.6.8-1~18.04.2_i386.deb Files: 53a055cfed22bea133c0de6a94146485 9745872 debug optional libpython3.6-dbg_3.6.8-1~18.04.2_i386.deb 10cbde7b1d4bb5e5c95f0b497e25b755 44239128 libdevel optional libpython3.6-dev_3.6.8-1~18.04.2_i386.deb ca0690212fd25c93d83db29f68e46416 535460 python optional libpython3.6-minimal_3.6.8-1~18.04.2_i386.deb c67613b9d5314fbc365a0fe85e475b3e 1726184 python optional libpython3.6-stdlib_3.6.8-1~18.04.2_i386.deb 19d2b267bf7110d9d5ab5d2c48e7e780 1420480 libs optional libpython3.6_3.6.8-1~18.04.2_i386.deb 602d0e0fd67ea337548163e0a5ad6d46 13336408 debug optional python3.6-dbg_3.6.8-1~18.04.2_i386.deb e5753242afa46e0ba6af9aad5e75262e 508000 python optional python3.6-dev_3.6.8-1~18.04.2_i386.deb 48e9f4d0c2d1e70b1e4f3d42d2a48672 1612960 python optional python3.6-minimal_3.6.8-1~18.04.2_i386.deb d3fc16e42ee4cc2480a03b408680953b 6184 python optional python3.6-venv_3.6.8-1~18.04.2_i386.deb e9873b60d8d17710e3e7c52003ebe6ed 12294 python optional python3.6_3.6.8-1~18.04.2_i386.buildinfo de5ac9b49e983ca3b3a06e5be9be482c 201540 python optional python3.6_3.6.8-1~18.04.2_i386.deb