Register | Log in

python3.4

Choose email to subscribe with

general

source: python3.4 (updates)
version: 3.4.2-1+deb8u2
maintainer: Matthias Klose [DMD]
arch: all any
std-ver: 3.9.6
VCS: Bazaar (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 3.4.2-1
old-sec: 3.4.2-1+deb8u2

versioned links

3.4.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.4.2-1+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

idle-python3.4
libpython3.4
libpython3.4-dbg
libpython3.4-dev
libpython3.4-minimal
libpython3.4-stdlib
libpython3.4-testsuite
python3.4
python3.4-dbg
python3.4-dev
python3.4-doc
python3.4-examples
python3.4-minimal
python3.4-venv

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

6 security issues in jessie high

There are 6 open security issues in jessie.

3 important issues:

CVE-2019-9636: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.
CVE-2019-9740: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command.
CVE-2019-9947: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740.

3 issues skipped by the security teams:

CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.
CVE-2013-1753:
CVE-2014-9365: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Please fix them.

Created: 2015-07-12 Last update: 2019-03-28 07:33

news

[2019-02-07] Accepted python3.4 3.4.2-1+deb8u2 (source all amd64) into oldstable (Brian May)
[2018-09-26] Accepted python3.4 3.4.2-1+deb8u1 (source all amd64) into oldstable (Antoine Beaupré)
[2016-06-24] python3.4 REMOVED from testing (Debian testing watch)
[2016-06-20] Removed 3.4.4-3 from unstable (Debian FTP Masters)
[2016-06-20] Removed 3.4.4-3 from unstable (Debian FTP Masters)
[2016-04-23] python3.4 3.4.4-3 MIGRATED to testing (Debian testing watch)
[2016-04-17] Accepted python3.4 3.4.4-3 (source) into unstable (Matthias Klose)
[2016-01-11] python3.4 3.4.4-2 MIGRATED to testing (Debian testing watch)
[2016-01-05] Accepted python3.4 3.4.4-2 (source all amd64) into unstable (Matthias Klose)
[2015-12-27] python3.4 3.4.4-1 MIGRATED to testing (Debian testing watch)
[2015-12-21] Accepted python3.4 3.4.4-1 (source all amd64) into unstable (Matthias Klose)
[2015-12-13] python3.4 3.4.4~rc1-1 MIGRATED to testing (Debian testing watch)
[2015-12-07] Accepted python3.4 3.4.4~rc1-1 (source all i386) into unstable (Matthias Klose)
[2015-10-17] python3.4 3.4.3-10 MIGRATED to testing (Britney)
[2015-10-11] Accepted python3.4 3.4.3-10 (source all ppc64el) into unstable (Matthias Klose)
[2015-09-29] python3.4 3.4.3-9 MIGRATED to testing (Britney)
[2015-09-23] Accepted python3.4 3.4.3-9 (source all ppc64el) into unstable (Matthias Klose)
[2015-09-12] python3.4 3.4.3-8 MIGRATED to testing (Britney)
[2015-07-28] Accepted python3.4 3.4.3-8 (source all ppc64el) into unstable (Matthias Klose)
[2015-06-08] python3.4 3.4.3-7 MIGRATED to testing (Britney)
[2015-06-02] Accepted python3.4 3.4.3-7 (source all ppc64el) into unstable (Matthias Klose)
[2015-05-13] python3.4 3.4.3-6 MIGRATED to testing (Britney)
[2015-05-07] Accepted python3.4 3.4.3-6 (source all ppc64el) into unstable (Matthias Klose)
[2015-05-06] python3.4 3.4.3-5 MIGRATED to testing (Britney)
[2015-04-30] Accepted python3.4 3.4.3-5 (all amd64 i386 ppc64el source) into unstable (Matthias Klose)
[2015-04-29] Accepted python3.4 3.4.3-4 (source all i386) into unstable (Matthias Klose)
[2015-04-27] python3.4 3.4.2-5 MIGRATED to testing (Britney)
[2015-04-13] Accepted python3.4 3.4.2-5 (source all ppc64el) into unstable (Matthias Klose)
[2015-04-12] Accepted python3.4 3.4.3-3 (source all ppc64el) into experimental (Matthias Klose)
[2015-03-11] Accepted python3.4 3.4.3-2 (source all ppc64el) into experimental (Matthias Klose)

1
2

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

buildd: logs, clang, cross
popcon
browse source code
edit tags
security tracker
screenshots

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing