python3.5 3.5.2-2ubuntu0~16.04.8 source package in Ubuntu

Changelog

python3.5 (3.5.2-2ubuntu0~16.04.8) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect cookie domain check
    - debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
      subdomain validation in Lib/http/cookiejar.py,
      Lib/test/test_http_cookiejar.py.
    - CVE-2018-20852
  * SECURITY UPDATE: integer overflow in pickle
    - debian/patches/CVE-2018-20406.patch: avoid relying on signed overflow
      in _pickle memos in Modules/_pickle.c.
    - CVE-2018-20406
  * SECURITY UPDATE: NULL pointer dereference via X509 certificate
    - debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
      in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
      Modules/_ssl.c.
    - CVE-2019-5010
  * SECURITY UPDATE: improper handling of unicode encoding
    - debian/patches/CVE-2019-9636.patch: add check for characters in
      netloc that normalize to separators in Doc/library/urllib.parse.rst,
      Lib/test/test_urlparse.py, Lib/urllib/parse.py.
    - CVE-2019-9636
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2019-9740.patch: disallow control chars in http
      URLs in Lib/http/client.py, Lib/test/test_urllib.py,
      Lib/test/test_xmlrpc.py.
    - CVE-2019-9740
    - CVE-2019-9947
  * SECURITY UPDATE: urllib support the local_file: scheme
    - debian/patches/CVE-2019-9948.patch: disallow file reading in
      Lib/urllib/request.py, Lib/test/test_urllib.py.
    - CVE-2019-9948
  * SECURITY UPDATE: incomplete fix for CVE-2019-9636
    - debian/patches/CVE-2019-10160-1.patch: fix handling of
      pre-normalization characters in urlsplit() in
      Lib/test/test_urlparse.py, Lib/urllib/parse.py.
    - debian/patches/CVE-2019-10160-2.patch: correct fix to handle
      decomposition in usernames in Lib/test/test_urlparse.py,
      Lib/urllib/parse.py.
    - CVE-2019-10160
  * debian/patches/issue9146.diff: fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1835135)

 -- Marc Deslauriers <email address hidden>  Wed, 10 Jul 2019 07:58:48 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2019-08-20
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
python3.5_3.5.2.orig.tar.xz 14.5 MiB 0010f56100b9b74259ebcd5d4b295a32324b58b517403a10d1a2aa7cb22bca40
python3.5_3.5.2-2ubuntu0~16.04.8.debian.tar.xz 224.8 KiB 2b50c076a9b0f9ecd0978fbe9ce1d7c6a758b1b896ccd74a71eadc735461ccc7
python3.5_3.5.2-2ubuntu0~16.04.8.dsc 3.3 KiB 0b45216b73e91ae7e5d96b43488f32946d38f42cdc50e8e59922d1ec1059a5bb

View changes file

Binary packages built by this source

idle-python3.5: IDE for Python (v3.5) using Tkinter

 IDLE is an Integrated Development Environment for Python (v3.5).
 IDLE is written using Tkinter and therefore quite platform-independent.

libpython3.5: Shared Python runtime library (version 3.5)

 Python is a high-level, interactive, object-oriented language. Its 3.5 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains the shared runtime library, normally not needed
 for programs using the statically linked interpreter.

libpython3.5-dbg: Debug Build of the Python Interpreter (version 3.5)

 The package holds two things:
 .
 - Extensions for a Python interpreter configured with --pydebug.
 - Debug information for standard python extensions.
 .
 See the README.debug for more information.

libpython3.5-dbgsym: debug symbols for package libpython3.5

 Python is a high-level, interactive, object-oriented language. Its 3.5 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains the shared runtime library, normally not needed
 for programs using the statically linked interpreter.

libpython3.5-dev: Header files and a static library for Python (v3.5)

 Header files, a static library and development tools for building
 Python (v3.5) modules, extending the Python interpreter or embedding
 Python (v3.5) in applications.
 .
 Maintainers of Python packages should read README.maintainers.
 .
 This package contains development files. It is normally not
 used on it's own, but as a dependency of python3.5-dev.

libpython3.5-dev-dbgsym: debug symbols for package libpython3.5-dev

 Header files, a static library and development tools for building
 Python (v3.5) modules, extending the Python interpreter or embedding
 Python (v3.5) in applications.
 .
 Maintainers of Python packages should read README.maintainers.
 .
 This package contains development files. It is normally not
 used on it's own, but as a dependency of python3.5-dev.

libpython3.5-minimal: Minimal subset of the Python language (version 3.5)

 This package contains some essential modules. It is normally not
 used on it's own, but as a dependency of python3.5-minimal.

libpython3.5-minimal-dbgsym: debug symbols for package libpython3.5-minimal

 This package contains some essential modules. It is normally not
 used on it's own, but as a dependency of python3.5-minimal.

libpython3.5-stdlib: Interactive high-level object-oriented language (standard library, version 3.5)

 Python is a high-level, interactive, object-oriented language. Its 3.5 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains Python 3.5's standard library. It is normally not
 used on its own, but as a dependency of python3.5.

libpython3.5-stdlib-dbgsym: debug symbols for package libpython3.5-stdlib

 Python is a high-level, interactive, object-oriented language. Its 3.5 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains Python 3.5's standard library. It is normally not
 used on its own, but as a dependency of python3.5.

libpython3.5-testsuite: Testsuite for the Python standard library (v3.5)

 The complete testsuite for the Python standard library. Note that
 a subset is found in the libpython3.5-stdlib package, which should
 be enough for other packages to use (please do not build-depend
 on this package, but file a bug report to include additional
 testsuite files in the libpython3.5-stdlib package).

python3.5: Interactive high-level object-oriented language (version 3.5)

 Python is a high-level, interactive, object-oriented language. Its 3.5 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.

python3.5-dbg: Debug Build of the Python Interpreter (version 3.5)

 The package holds two things:
 .
 - A Python interpreter configured with --pydebug. Dynamically loaded modules
   are searched as <foo>_d.so first. Third party extensions need a separate
   build to be used by this interpreter.
 - Debug information for standard python interpreter and extensions.
 .
 See the README.debug for more information.

python3.5-dev: Header files and a static library for Python (v3.5)

 Header files, a static library and development tools for building
 Python (v3.5) modules, extending the Python interpreter or embedding
 Python (v3.5) in applications.
 .
 Maintainers of Python packages should read README.maintainers.

python3.5-doc: Documentation for the high-level object-oriented language Python (v3.5)

 These is the official set of documentation for the interactive high-level
 object-oriented language Python (v3.5). All documents are provided
 in HTML format. The package consists of ten documents:
 .
   * What's New in Python3.5
   * Tutorial
   * Python Library Reference
   * Macintosh Module Reference
   * Python Language Reference
   * Extending and Embedding Python
   * Python/C API Reference
   * Installing Python Modules
   * Documenting Python
   * Distributing Python Modules

python3.5-examples: Examples for the Python language (v3.5)

 Examples, Demos and Tools for Python (v3.5). These are files included in
 the upstream Python distribution (v3.5).

python3.5-minimal: Minimal subset of the Python language (version 3.5)

 This package contains the interpreter and some essential modules. It can
 be used in the boot process for some basic tasks.
 See /usr/share/doc/python3.5-minimal/README.Debian for a list of the modules
 contained in this package.

python3.5-venv: Interactive high-level object-oriented language (pyvenv binary, version 3.5)

 Python is a high-level, interactive, object-oriented language. Its 3.5 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains the pyvenv-3.5 binary.