1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4307-1] python3.5 security update

    From Moritz Muehlenhoff@1:229/2 to All on Fri Sep 28 21:20:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4307-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 28, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : python3.5
    CVE ID : CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061
    CVE-2018-14647

    Multiple security issues were discovered in Python: ElementTree failed
    to initialise Expat's hash salt, two denial of service issues were found
    in difflib and poplib and a buffer overflow in PyString_DecodeEscape.

    For the stable distribution (stretch), these problems have been fixed in version 3.5.3-1+deb9u1.

    We recommend that you upgrade your python3.5 packages.

    For the detailed security status of python3.5 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/python3.5

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAluuffwACgkQEMKTtsN8 TjaMPA//RetcTgm4w0Pu2AQWzGVW4spbQyIAtDJBVyVdjW9NMLCbFYgEi7p3B+46 bd8o66KDP6SbEgt44h1s0NoznWF1sWNy/qEHV1CwNNVrdHPKwlEogzPnhzKa+vjT 0Ok2ncqhlIOGiwu1nPFBTXueHEUXXwk98TpQYaEUqwirxT1xXLkkvlK1pXZjHB0g V17AQ9cA4FkWUixk+qjwKUtwfa5sDF2eO4SOQIJhq/tq5YMua0usg6HmPw2VjZhC W532qCX6AeoXiKU3Exu01sMkrWTfZKARltqdeuTl9JCKqwxcJCAMrAGYatwyyk5l NVpyKlJnPhCRm12CpjMKqpSf8mDvlDVxUowQkGshFAqgQ5BP87GOAec4fwq5FIKB 6i68VAtXXTBd/4XPM4WOAAroUQ0tZSFKAZpwkHUtWAGvMAd+/RZnYYj4V3hMfidZ HrBVbv+pjm+UJ82oZLgwVPM3Ay+V9Eyazk/9OWxNWMPOhJDwGeAckq3BjZ1OXrsE arCsYfMwHl0MCFqdd4Y7cehUnLNWIUZoNUhOAwc+d/KhBbFPQ0ZcgdPVmRPCr2Wo 59Qw3BmXpD9me92seNUzRKvVhsy1ClEyDZb2kddZM1egWogyq4KHRaOzg3qHvP1l tPN/VV/bDvJJvEz1B2iZ2T0ue318ux9NTfPwtEXP/6nJ/jyQ9SY=
    =kyB0
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)