-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 01 Dec 2024 14:12:57 +0200
Source: python3.9
Architecture: source
Version: 3.9.2-1+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Changes:
 python3.9 (3.9.2-1+deb11u2) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * Fix the binary-all tests.
 .
 python3.9 (3.9.2-1+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2015-20107: The mailcap module did not add escape characters
     into commands discovered in the system mailcap file
   * CVE-2020-10735: Prevent DoS with very large int
   * CVE-2021-3426: Remove the pydoc getfile feature which could be
     abused to read arbitrary files on the disk
   * CVE-2021-3733: Regular Expression Denial of Service in urllib's
     AbstractBasicAuthHandler class
   * CVE-2021-3737: Infinite loop in the HTTP client code
   * CVE-2021-4189: Make ftplib not trust the PASV response
   * CVE-2021-28861: Open redirection vulnerability in http.server
   * CVE-2021-29921: Leading zeros in IPv4 addresses are no longer
     tolerated
   * CVE-2022-42919: Don't use Linux abstract sockets for multiprocessing
   * CVE-2022-45061: Quadratic time in the IDNA decoder
   * CVE-2023-6597: tempfile.TemporaryDirectory failure to remove dir
   * CVE-2023-24329: Strip C0 control and space chars in urlsplit
   * CVE-2023-27043: Reject malformed addresses in email.parseaddr()
   * CVE-2023-40217: ssl.SSLSocket bypass of the TLS handshake
   * CVE-2024-0397: Race condition in ssl.SSLContext
   * CVE-2024-0450: quoted-overlap zipbomb DoS
   * CVE-2024-4032: Incorrect information about private addresses in the
     ipaddress module
   * CVE-2024-6232: ReDoS when parsing tarfile headers
   * CVE-2024-6923: Encode newlines in headers in the email module
   * CVE-2024-7592: Quadratic complexity parsing cookies with backslashes
   * CVE-2024-8088: Infinite loop when iterating over zip archive entry
     names
   * CVE-2024-9287: venv activation scripts didn't quote paths
   * CVE-2024-11168: urllib functions improperly validated bracketed
     hosts
   * Fix build test failures and make them fatal.
Checksums-Sha1:
 78f4e1ae8ed928dd21b810c942c4939a9f711c8e 3500 python3.9_3.9.2-1+deb11u2.dsc
 110ca5bca7989f9558a54ee6762e6774a4b9644a 18889164 python3.9_3.9.2.orig.tar.xz
 4f84e86a0f7c3d98e549d4dc8947a77122cc088f 266268 python3.9_3.9.2-1+deb11u2.debian.tar.xz
Checksums-Sha256:
 23ea92123f616a54ef5cafe0e7899cb3eac6f58af1858ea11fc52e7f7a8dc380 3500 python3.9_3.9.2-1+deb11u2.dsc
 3c2034c54f811448f516668dce09d24008a0716c3a794dd8639b5388cbde247d 18889164 python3.9_3.9.2.orig.tar.xz
 9fe6bded4dd0200c4e15d386354e8486f31f19d5356458cb05d8899e4226f96a 266268 python3.9_3.9.2-1+deb11u2.debian.tar.xz
Files:
 d7189a1dfe82ede4a335f6c0f20e1f6b 3500 python optional python3.9_3.9.2-1+deb11u2.dsc
 f0dc9000312abeb16de4eccce9a870ab 18889164 python optional python3.9_3.9.2.orig.tar.xz
 0b1ad08798dcaf9483b6c50a33bec729 266268 python optional python3.9_3.9.2-1+deb11u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----