Format: 1.8
Date: Fri, 29 Nov 2024 19:38:21 +0200
Source: python3.9
Architecture: source
Version: 3.9.2-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Changes:
 python3.9 (3.9.2-1+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2015-20107: The mailcap module did not add escape characters into
     commands discovered in the system mailcap file
   * CVE-2020-10735: Prevent DoS with very large int
   * CVE-2021-3426: Remove the pydoc getfile feature which could be abused
     to read arbitrary files on the disk
   * CVE-2021-3733: Regular Expression Denial of Service in urllib's
     AbstractBasicAuthHandler class
   * CVE-2021-3737: Infinite loop in the HTTP client code
   * CVE-2021-4189: Make ftplib not trust the PASV response
   * CVE-2021-28861: Open redirection vulnerability in http.server
   * CVE-2021-29921: Leading zeros in IPv4 addresses are no longer tolerated
   * CVE-2022-42919: Don't use Linux abstract sockets for multiprocessing
   * CVE-2022-45061: Quadratic time in the IDNA decoder
   * CVE-2023-6597: tempfile.TemporaryDirectory failure to remove dir
   * CVE-2023-24329: Strip C0 control and space chars in urlsplit
   * CVE-2023-27043: Reject malformed addresses in email.parseaddr()
   * CVE-2023-40217: ssl.SSLSocket bypass of the TLS handshake
   * CVE-2024-0397: Race condition in ssl.SSLContext
   * CVE-2024-0450: quoted-overlap zipbomb DoS
   * CVE-2024-4032: Incorrect information about private addresses in the
     ipaddress module
   * CVE-2024-6232: ReDoS when parsing tarfile headers
   * CVE-2024-6923: Encode newlines in headers in the email module
   * CVE-2024-7592: Quadratic complexity parsing cookies with backslashes
   * CVE-2024-8088: Infinite loop when iterating over zip archive entry names
   * CVE-2024-9287: venv activation scripts didn't quote paths
   * CVE-2024-11168: urllib functions improperly validated bracketed hosts
   * Fix build test failures and make them fatal.
Checksums-Sha1:
 2a1cc0fcf5146d0b86dc2c67ead8f48663628aad 3500 python3.9_3.9.2-1+deb11u1.dsc
 110ca5bca7989f9558a54ee6762e6774a4b9644a 18889164 python3.9_3.9.2.orig.tar.xz
 ae7a921a53cb3b1f9150eca29839294c019caf8a 266200 python3.9_3.9.2-1+deb11u1.debian.tar.xz
Checksums-Sha256:
 f744cc73539a897a7f885e1046addf27b66fc0f9d188dec74cfeb21dbeed5f5b 3500 python3.9_3.9.2-1+deb11u1.dsc
 3c2034c54f811448f516668dce09d24008a0716c3a794dd8639b5388cbde247d 18889164 python3.9_3.9.2.orig.tar.xz
 dddec96735163c498a50bf1fbbdf9d5ca0ba36c93d2366396a5dc78352afdf36 266200 python3.9_3.9.2-1+deb11u1.debian.tar.xz
Files:
 b2274e86a42e0147a223b8e8c00ce149 3500 python optional python3.9_3.9.2-1+deb11u1.dsc
 f0dc9000312abeb16de4eccce9a870ab 18889164 python optional python3.9_3.9.2.orig.tar.xz
 2a4d50409618f27bbe4228579a40c490 266200 python optional python3.9_3.9.2-1+deb11u1.debian.tar.xz