Ubuntu
pypy3 package

Bug #1995197
Activity log

Activity log for bug #1995197

Date	Who	What changed	Old value	New value	Message
2022-10-30 08:44:35	Stefano Rivera	bug			added bug
2022-10-30 08:44:50	Stefano Rivera	bug task added		pypy3 (Ubuntu)
2022-10-30 08:46:58	Stefano Rivera	bug task added		python3.6 (Ubuntu)
2022-10-30 08:47:08	Stefano Rivera	bug task added		python3.7 (Ubuntu)
2022-10-30 08:47:18	Stefano Rivera	bug task added		python3.8 (Ubuntu)
2022-10-30 08:48:37	Stefano Rivera	nominated for series		Ubuntu Focal
2022-10-30 08:48:37	Stefano Rivera	bug task added		pypy3 (Ubuntu Focal)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.6 (Ubuntu Focal)
2022-10-30 08:48:37	Stefano Rivera	bug task added		pysha3 (Ubuntu Focal)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.7 (Ubuntu Focal)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.8 (Ubuntu Focal)
2022-10-30 08:48:37	Stefano Rivera	nominated for series		Ubuntu Jammy
2022-10-30 08:48:37	Stefano Rivera	bug task added		pypy3 (Ubuntu Jammy)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.6 (Ubuntu Jammy)
2022-10-30 08:48:37	Stefano Rivera	bug task added		pysha3 (Ubuntu Jammy)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.7 (Ubuntu Jammy)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.8 (Ubuntu Jammy)
2022-10-30 08:48:37	Stefano Rivera	nominated for series		Ubuntu Kinetic
2022-10-30 08:48:37	Stefano Rivera	bug task added		pypy3 (Ubuntu Kinetic)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.6 (Ubuntu Kinetic)
2022-10-30 08:48:37	Stefano Rivera	bug task added		pysha3 (Ubuntu Kinetic)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.7 (Ubuntu Kinetic)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.8 (Ubuntu Kinetic)
2022-10-30 08:48:37	Stefano Rivera	nominated for series		Ubuntu Bionic
2022-10-30 08:48:37	Stefano Rivera	bug task added		pypy3 (Ubuntu Bionic)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.6 (Ubuntu Bionic)
2022-10-30 08:48:37	Stefano Rivera	bug task added		pysha3 (Ubuntu Bionic)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.7 (Ubuntu Bionic)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.8 (Ubuntu Bionic)
2022-10-30 08:48:37	Stefano Rivera	nominated for series		Ubuntu Lunar
2022-10-30 08:48:37	Stefano Rivera	bug task added		pypy3 (Ubuntu Lunar)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.6 (Ubuntu Lunar)
2022-10-30 08:48:37	Stefano Rivera	bug task added		pysha3 (Ubuntu Lunar)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.7 (Ubuntu Lunar)
2022-10-30 08:48:37	Stefano Rivera	bug task added		python3.8 (Ubuntu Lunar)
2022-10-30 08:50:22	Stefano Rivera	python3.8 (Ubuntu Jammy): status	New	Invalid
2022-10-30 08:50:45	Stefano Rivera	python3.8 (Ubuntu Kinetic): status	New	Invalid
2022-10-30 08:50:50	Stefano Rivera	python3.8 (Ubuntu Lunar): status	New	Invalid
2022-10-30 08:51:33	Stefano Rivera	python3.7 (Ubuntu Jammy): status	New	Invalid
2022-10-30 08:51:37	Stefano Rivera	python3.7 (Ubuntu Focal): status	New	Invalid
2022-10-30 08:51:40	Stefano Rivera	python3.7 (Ubuntu Kinetic): status	New	Invalid
2022-10-30 08:51:44	Stefano Rivera	python3.7 (Ubuntu Lunar): status	New	Invalid
2022-10-30 08:51:48	Stefano Rivera	python3.6 (Ubuntu Focal): status	New	Invalid
2022-10-30 08:51:53	Stefano Rivera	python3.6 (Ubuntu Jammy): status	New	Invalid
2022-10-30 08:51:58	Stefano Rivera	python3.6 (Ubuntu Kinetic): status	New	Invalid
2022-10-30 08:52:02	Stefano Rivera	python3.6 (Ubuntu Lunar): status	New	Invalid
2022-10-30 08:52:55	Stefano Rivera	pypy3 (Ubuntu Bionic): status	New	Invalid
2022-10-30 09:49:30	Stefano Rivera	description	pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak https://mouha.be/sha-3-buffer-overflow/ See: https://github.com/python/cpython/issues/98517	pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak https://mouha.be/sha-3-buffer-overflow/ See: https://github.com/python/cpython/issues/98517 Testing: python3.X/pypy3: import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' pysha3: import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'
2022-10-30 09:49:48	Stefano Rivera	description	pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak https://mouha.be/sha-3-buffer-overflow/ See: https://github.com/python/cpython/issues/98517 Testing: python3.X/pypy3: import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' pysha3: import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'	pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak https://mouha.be/sha-3-buffer-overflow/ See: https://github.com/python/cpython/issues/98517 Testing: python3.X/pypy3: import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' pysha3: import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'
2022-10-30 09:50:14	Stefano Rivera	description	pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak https://mouha.be/sha-3-buffer-overflow/ See: https://github.com/python/cpython/issues/98517 Testing: python3.X/pypy3: import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' pysha3: import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == \ '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'	pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak https://mouha.be/sha-3-buffer-overflow/ See: https://github.com/python/cpython/issues/98517 Testing: python3.X/pypy3: import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' pysha3: import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'
2022-10-30 10:04:29	Stefano Rivera	attachment added		pypy3-focal.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627839/+files/pypy3-focal.debdiff
2022-10-30 10:04:46	Stefano Rivera	attachment added		pypy3-jammy.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627840/+files/pypy3-jammy.debdiff
2022-10-30 10:05:01	Stefano Rivera	attachment added		pypy3-kinetic.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627841/+files/pypy3-kinetic.debdiff
2022-10-30 10:27:07	Stefano Rivera	attachment added		pysha3-bionic.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627842/+files/pysha3-bionic.debdiff
2022-10-30 10:27:31	Stefano Rivera	attachment added		pysha3-focal.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627843/+files/pysha3-focal.debdiff
2022-10-30 10:27:58	Stefano Rivera	attachment added		pysha3-jammy.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627844/+files/pysha3-jammy.debdiff
2022-10-30 10:28:27	Stefano Rivera	attachment added		pysha3-kinetic.debdiff https://bugs.launchpad.net/ubuntu/jammy/+source/python3.8/+bug/1995197/+attachment/5627845/+files/pysha3-kinetic.debdiff
2022-10-30 10:29:22	Stefano Rivera	pypy3 (Ubuntu Focal): status	New	Confirmed
2022-10-30 10:29:41	Stefano Rivera	pypy3 (Ubuntu Jammy): status	New	Confirmed
2022-10-30 10:30:05	Stefano Rivera	pypy3 (Ubuntu Kinetic): status	New	Confirmed
2022-10-30 10:30:32	Stefano Rivera	pysha3 (Ubuntu Bionic): status	New	Confirmed
2022-10-30 10:30:35	Stefano Rivera	pysha3 (Ubuntu Focal): status	New	Confirmed
2022-10-30 10:30:38	Stefano Rivera	pysha3 (Ubuntu Jammy): status	New	Confirmed
2022-10-30 10:30:42	Stefano Rivera	pysha3 (Ubuntu Kinetic): status	New	Confirmed
2022-10-30 10:36:52	Stefano Rivera	description	pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak https://mouha.be/sha-3-buffer-overflow/ See: https://github.com/python/cpython/issues/98517 Testing: python3.X/pypy3: import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' pysha3: import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed'	pysha3, pypy3, python3.X are affected by CVE-2022-37454, a security issue in Keccak https://mouha.be/sha-3-buffer-overflow/ See: https://github.com/python/cpython/issues/98517 Testing: python3.X/pypy3: import hashlib; h = hashlib.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' pysha3: import sha3; h = sha3.sha3_224(); h.update(b'\x01'); \ h.update(b'\x01'0xffff_ffff); \ assert h.hexdigest() == '80762e8ce6700f114fec0f621fd97c4b9c00147fa052215294cceeed' For pypy3 and pysha3, I have: 1. Verified the issues exist in the current packages, with the above tests. 2. Built the packages with the attached patches 3. Verified that the packages upgrade 4. Verified the security issues are resolved, with the above tests.
2022-10-30 10:37:09	Stefano Rivera	bug			added subscriber Ubuntu Security Sponsors Team
2022-11-15 01:24:17	Steve Beattie	pypy3 (Ubuntu Lunar): status	New	Fix Committed
2022-11-15 01:24:32	Steve Beattie	pypy3 (Ubuntu Focal): status	Confirmed	In Progress
2022-11-15 01:24:45	Steve Beattie	pypy3 (Ubuntu Focal): assignee		Steve Beattie (sbeattie)
2022-11-15 01:25:03	Steve Beattie	pypy3 (Ubuntu Jammy): status	Confirmed	In Progress
2022-11-15 01:25:03	Steve Beattie	pypy3 (Ubuntu Jammy): assignee		Steve Beattie (sbeattie)
2022-11-15 01:25:18	Steve Beattie	pypy3 (Ubuntu Kinetic): status	Confirmed	In Progress
2022-11-15 01:25:18	Steve Beattie	pypy3 (Ubuntu Kinetic): assignee		Steve Beattie (sbeattie)
2022-11-15 01:25:36	Steve Beattie	pysha3 (Ubuntu Bionic): status	Confirmed	In Progress
2022-11-15 01:25:36	Steve Beattie	pysha3 (Ubuntu Bionic): assignee		Steve Beattie (sbeattie)
2022-11-15 01:25:51	Steve Beattie	pysha3 (Ubuntu Focal): status	Confirmed	In Progress
2022-11-15 01:25:51	Steve Beattie	pysha3 (Ubuntu Focal): assignee		Steve Beattie (sbeattie)
2022-11-15 01:26:07	Steve Beattie	pysha3 (Ubuntu Jammy): status	Confirmed	In Progress
2022-11-15 01:26:07	Steve Beattie	pysha3 (Ubuntu Jammy): assignee		Steve Beattie (sbeattie)
2022-11-15 01:26:32	Steve Beattie	pysha3 (Ubuntu Kinetic): status	Confirmed	In Progress
2022-11-15 01:26:32	Steve Beattie	pysha3 (Ubuntu Kinetic): assignee		Steve Beattie (sbeattie)
2022-12-31 17:01:09	Launchpad Janitor	pypy3 (Ubuntu Lunar): status	Fix Committed	Fix Released
2023-02-28 15:54:02	Dimitri John Ledkov	attachment added		python3.6-bionic.debdiff https://bugs.launchpad.net/ubuntu/+source/pysha3/+bug/1995197/+attachment/5650496/+files/python3.6-bionic.debdiff
2023-03-06 13:46:17	Launchpad Janitor	python3.6 (Ubuntu Bionic): status	New	Fix Released
2023-03-06 13:46:17	Launchpad Janitor	cve linked		2022-37454
2023-08-04 18:23:17	Andreas Hasenack	bug task deleted	pysha3 (Ubuntu Lunar)
2023-08-04 18:23:37	Andreas Hasenack	pysha3 (Ubuntu Kinetic): status	In Progress	Won't Fix
2023-08-10 17:59:46	Utkarsh Gupta	pypy3 (Ubuntu Kinetic): status	In Progress	Won't Fix
2023-08-28 22:59:24	Mathew Hodson	bug task deleted	pysha3 (Ubuntu)
2023-11-29 14:05:29	Marc Deslauriers	python3.8 (Ubuntu Bionic): status	New	Fix Released
2023-11-29 14:05:38	Marc Deslauriers	python3.8 (Ubuntu Focal): status	New	Fix Released
2023-11-29 14:05:58	Marc Deslauriers	pysha3 (Ubuntu Bionic): status	In Progress	Won't Fix
2023-11-29 14:06:14	Marc Deslauriers	python3.7 (Ubuntu Bionic): status	New	Fix Released
2023-11-29 15:41:53	Launchpad Janitor	pypy3 (Ubuntu Focal): status	In Progress	Fix Released
2023-11-29 15:48:25	Launchpad Janitor	pysha3 (Ubuntu Focal): status	In Progress	Fix Released
2023-11-29 16:41:55	Launchpad Janitor	pypy3 (Ubuntu Jammy): status	In Progress	Fix Released
2023-11-29 16:42:05	Launchpad Janitor	pysha3 (Ubuntu Jammy): status	In Progress	Fix Released

Ubuntupypy3 package

Activity log for bug #1995197

Ubuntu
pypy3 package