-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 18 Nov 2020 16:09:16 -0500 Source: python3.5 Binary: python3.5 python3.5-venv libpython3.5-stdlib python3.5-minimal libpython3.5-minimal libpython3.5 python3.5-examples python3.5-dev libpython3.5-dev libpython3.5-testsuite idle-python3.5 python3.5-doc python3.5-dbg libpython3.5-dbg Architecture: source Version: 3.5.3-1+deb9u3 Distribution: stretch-security Urgency: high Maintainer: Matthias Klose <doko@debian.org> Changed-By: Roberto C. Sánchez <roberto@debian.org> Description: idle-python3.5 - IDE for Python (v3.5) using Tkinter libpython3.5 - Shared Python runtime library (version 3.5) libpython3.5-dbg - Debug Build of the Python Interpreter (version 3.5) libpython3.5-dev - Header files and a static library for Python (v3.5) libpython3.5-minimal - Minimal subset of the Python language (version 3.5) libpython3.5-stdlib - Interactive high-level object-oriented language (standard library libpython3.5-testsuite - Testsuite for the Python standard library (v3.5) python3.5 - Interactive high-level object-oriented language (version 3.5) python3.5-dbg - Debug Build of the Python Interpreter (version 3.5) python3.5-dev - Header files and a static library for Python (v3.5) python3.5-doc - Documentation for the high-level object-oriented language Python python3.5-examples - Examples for the Python language (v3.5) python3.5-minimal - Minimal subset of the Python language (version 3.5) python3.5-venv - Interactive high-level object-oriented language (pyvenv binary, v Changes: python3.5 (3.5.3-1+deb9u3) stretch-security; urgency=high . * Non-maintainer upload by the LTS Team. . [ Thorsten Alteholz ] * CVE-2019-20907: In Lib/tarfile.py, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation * CVE-2020-26116: http.client allows CRLF injection if the attacker controls the HTTP request method . [ Roberto C. Sánchez ] * Update expired SSL certificates in unit test suite. Checksums-Sha1: d29448db2ef829a3a2f2dfc25fe69100bf3cd1e2 3370 python3.5_3.5.3-1+deb9u3.dsc 1034496469036c2fbb407c900af5392bd3bec808 250516 python3.5_3.5.3-1+deb9u3.debian.tar.xz 950eb08bae287a19dca1018e4cdd015da19ea758 14140 python3.5_3.5.3-1+deb9u3_amd64.buildinfo Checksums-Sha256: 5239b3f3e272d68fcb834dc59a34677988037817a45acbf88e3cace53e6af41d 3370 python3.5_3.5.3-1+deb9u3.dsc 112d70ba85641fa036753555c82a205403f18bfbeb6d48acee66a3f987d72552 250516 python3.5_3.5.3-1+deb9u3.debian.tar.xz 1581b909d8fd64224693dc0a87fd09adc5c70477f1350f27511ac3c1198d5500 14140 python3.5_3.5.3-1+deb9u3_amd64.buildinfo Files: 1405791473306c4b7b02365e4616b080 3370 python optional python3.5_3.5.3-1+deb9u3.dsc ce23dccdf0752a711b9fd422b0147626 250516 python optional python3.5_3.5.3-1+deb9u3.debian.tar.xz 07ae5573a1a3335b3a45bd7a0c32eee5 14140 python optional python3.5_3.5.3-1+deb9u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAl+1mS4ACgkQldFmTdL1 kUJ/2Q//YRoOgbtUxr7TIGt1Li+ZKFlGueQJPixLBn9bXF6qP4iyyOfsoTfLgci0 pA7YTuO1OPi2M6l29AGDqhPgi5URy8CE5sW1bxkxbvqBc74UKICtWal0XOn+S4IX sITW6fQzvGIq+eJLE9xddoyyBrSVoh0lBuoHFNGIrJLIq/qt8yDaWPTWebvyrsft UMW1wq/sB6Ur1X3J+NgvhTg+o7+PJT+IeWFXbMm2bv5/nYJwENCMNzKOzGBifHib fDmDy8juUYvKR7WEPnAMe7Y9U/PKBD7trhnZFqTL4uxkXHTP7rX0CK8R1HADVbb7 71qiN9VpuT2euCFFN7QFn7m1UztdNjreTksul7VkbLdHk+Qlxrb8hJRaHTR25WYp m4NrzszDm4t7/dv2N1UQ2CIyMh80kNCzcX9opDolq/0XKRFIYnjNDEmGB3ZOcs0K CtLHJaLEyOJwEW4QrZ9H7MEb7SQo+WL4o/EGpw2Qzn+UZm0H1LDvr6PLGP7K2esw 77B8Hg6I47ps2gEadMoNRWZ1+Vjo9boKiTWp8DORtFylRwsgx5ZarqvN1utcaQtt r0DFdID0KBQQA5LibfLzFK2/gSw0WBXnYxfOysqIkmE952RjFa0hfrr97vWDWvS/ cgrqG5OOyV96nstwJy42dde1LUjcw5Oexf1bfKjv3bO01Vte5SM= =I9BT -----END PGP SIGNATURE-----