Register | Log in

nltk

Python3 libraries for natural language processing

Choose email to subscribe with

general

source: nltk (main)
version: 3.9.1-2
maintainer: Debian Science Maintainers (archive) (DMD)
uploaders: Mo Zhou [DMD]
arch: all
std-ver: 4.6.0.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.4-1
oldstable: 3.5-1
stable: 3.8-1
testing: 3.9.1-2
unstable: 3.9.1-2

versioned links

3.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.9.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-nltk (1 bugs: 0, 1, 0, 0)

action needed

5 security issues in buster high

There are 5 open security issues in buster.

1 important issue:

CVE-2024-39705: NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.

4 issues postponed or untriaged:

CVE-2021-3828: (needs triaging) nltk is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3842: (needs triaging) nltk is vulnerable to Inefficient Regular Expression Complexity
CVE-2019-14751: (needs triaging) NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
CVE-2021-43854: (needs triaging) NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable functions will cause them to take a significant amount of execution time. If your program relies on any of the vulnerable functions for tokenizing unpredictable user input, then we would strongly recommend upgrading to a version of NLTK without the vulnerability. For users unable to upgrade the execution time can be bounded by limiting the maximum length of an input to any of the vulnerable functions. Our recommendation is to implement such a limit.

Created: 2024-06-28 Last update: 2024-06-28 15:00

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2023-06-18 Last update: 2023-06-18 17:34

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2024-39705: (postponed; to be fixed through a stable update) NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-06-28 Last update: 2025-02-27 05:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.0.1).

Created: 2022-05-11 Last update: 2025-02-27 13:25

news

[2024-10-18] nltk 3.9.1-2 MIGRATED to testing (Debian testing watch)
[2024-10-12] Accepted nltk 3.9.1-2 (source) into unstable (Santiago Vila)
[2024-10-07] nltk 3.9.1-1 MIGRATED to testing (Debian testing watch)
[2024-10-02] Accepted nltk 3.9.1-1 (source) into unstable (Mo Zhou)
[2023-06-23] nltk 3.8.1-1 MIGRATED to testing (Debian testing watch)
[2023-06-18] Accepted nltk 3.8.1-1 (source) into unstable (Mo Zhou)
[2022-12-20] nltk 3.8-1 MIGRATED to testing (Debian testing watch)
[2022-12-14] Accepted nltk 3.8-1 (source) into unstable (Mo Zhou)
[2022-02-22] nltk 3.7-1 MIGRATED to testing (Debian testing watch)
[2022-02-16] Accepted nltk 3.7-1 (source) into unstable (Mo Zhou)
[2022-01-12] nltk 3.6.7-1 MIGRATED to testing (Debian testing watch)
[2022-01-06] Accepted nltk 3.6.7-1 (source) into unstable (Mo Zhou)
[2021-11-19] nltk 3.6.5-1 MIGRATED to testing (Debian testing watch)
[2021-11-13] Accepted nltk 3.6.5-1 (source) into unstable (Mo Zhou)
[2020-04-28] nltk 3.5-1 MIGRATED to testing (Debian testing watch)
[2020-04-23] Accepted nltk 3.5-1 (source) into unstable (Mo Zhou)
[2019-12-27] nltk 3.4.5-2 MIGRATED to testing (Debian testing watch)
[2019-12-22] Accepted nltk 3.4.5-2 (source) into unstable (Mo Zhou) (signed by: Zhou Mo)
[2019-08-30] nltk 3.4.5-1 MIGRATED to testing (Debian testing watch)
[2019-08-24] Accepted nltk 3.4.5-1 (source) into unstable (Mo Zhou) (signed by: Zhou Mo)
[2019-07-27] nltk 3.4.3-1 MIGRATED to testing (Debian testing watch)
[2019-07-22] Accepted nltk 3.4.3-1 (source) into unstable (Mo Zhou) (signed by: Zhou Mo)
[2019-05-01] Accepted nltk 3.4.1-1 (source) into experimental (Mo Zhou) (signed by: Zhou Mo)
[2018-11-28] nltk 3.4-1 MIGRATED to testing (Debian testing watch)
[2018-11-23] Accepted nltk 3.4-1 (source) into unstable (Mo Zhou) (signed by: Zhou Mo)
[2018-06-02] nltk 3.3.0-1 MIGRATED to testing (Debian testing watch)
[2018-05-27] Accepted nltk 3.3.0-1 (source) into unstable (Mo Zhou) (signed by: Adam Borowski)
[2018-04-08] nltk 3.2.5-2 MIGRATED to testing (Debian testing watch)
[2018-04-03] Accepted nltk 3.2.5-2 (source) into unstable (Mo Zhou) (signed by: Adam Borowski)
[2017-10-31] nltk 3.2.5-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.9.1-2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing