[ubuntu/focal-updates] python3.8 3.8.10-0ubuntu1~20.04.16 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Mar 12 15:28:36 UTC 2025
python3.8 (3.8.10-0ubuntu1~20.04.16) focal-security; urgency=medium
* SECURITY UPDATE: incorrect quoting in venv module
- debian/patches/CVE-2024-9287.patch: Updated to fix additional
quotes in activation scripts Lib/venv/scripts/common/activate,
Lib/venv/scripts/posix/activate.csh, and
Lib/venv/scripts/posix/activate.fish.
- CVE-2024-9287
* SECURITY UPDATE: urlparse does not flag hostname with square brackets
as incorrect
- debian/patches/CVE-2025-0938-pre1.patch: Remove urlsplit()
optimization for 'http' prefixed inputs.
- debian/patches/CVE-2025-0938-pre2.patch: Fix urlparse() with numeric
paths.
- debian/patches/CVE-2025-0938.patch: Refreshed. It has together with
the pre patches the intended effect now.
- CVE-2025-0938
Date: 2025-03-11 21:06:11.850230+00:00
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.16
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list