python3.10 3.10.12-1~22.04.6 source package in Ubuntu

Changelog

python3.10 (3.10.12-1~22.04.6) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect special character parsing in email module
    - debian/patches/CVE-2023-27043.patch: reject malformed addresses in
      Doc/library/email.utils.rst, Lib/email/utils.py,
      Lib/test/test_email/test_email.py.
    - CVE-2023-27043
  * SECURITY UPDATE: ReDoS via specifically-crafted tar archives
    - debian/patches/CVE-2024-6232.patch: remove backtracking when parsing
      tarfile headers in Lib/tarfile.py, Lib/test/test_tarfile.py.
    - CVE-2024-6232
  * SECURITY UPDATE: header injection via newlines in email module
    - debian/patches/CVE-2024-6923.patch: encode newlines in headers, and
      verify headers are sound in Doc/library/email.errors.rst,
      Doc/library/email.policy.rst, Lib/email/_header_value_parser.py,
      Lib/email/_policybase.py, Lib/email/errors.py,
      Lib/email/generator.py, Lib/test/test_email/test_generator.py,
      Lib/test/test_email/test_policy.py.
    - CVE-2024-6923
  * SECURITY UPDATE: resource consumption via cookie parsing
    - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in
      parsing quoted cookie values with backslashes in Lib/http/cookies.py,
      Lib/test/test_http_cookies.py.
    - CVE-2024-7592
  * SECURITY UPDATE: infinite loop via crafted zip archive
    - debian/patches/CVE-2024-8088-1.patch: sanitize names in zipfile.Path
      in Lib/test/test_zipfile/_path/test_path.py,
      Lib/zipfile/_path/__init__.py.
    - debian/patches/CVE-2024-8088-2.patch: replaced SanitizedNames with a
      more surgical fix in Lib/test/test_zipfile/_path/test_path.py,
      Lib/zipfile/_path/__init__.py.
    - CVE-2024-8088

 -- Marc Deslauriers <email address hidden>  Wed, 11 Sep 2024 11:47:36 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Jammy
Original maintainer:
Matthias Klose
Architectures:
any all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Jammy updates main python
Jammy security main python

Downloads

File Size SHA-256 Checksum
python3.10_3.10.12.orig.tar.xz 18.7 MiB afb74bf19130e7a47d10312c8f5e784f24e0527981eab68e20546cfb865830b8
python3.10_3.10.12-1~22.04.6.debian.tar.xz 237.6 KiB 655791ddeb95c183bb0fd6b6f91ec84dbe3436a44933c76be9cda8dc3d2ae98b
python3.10_3.10.12-1~22.04.6.dsc 3.6 KiB 72a40c8d4e95d78bb39325964d8aec11fb9b9aba45a0983f691f7abdeb43644f

View changes file

Binary packages built by this source

idle-python3.10: IDE for Python (v3.10) using Tkinter

 IDLE is an Integrated Development Environment for Python (v3.10).
 IDLE is written using Tkinter and therefore quite platform-independent.

libpython3.10: Shared Python runtime library (version 3.10)

 Python is a high-level, interactive, object-oriented language. Its 3.10 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains the shared runtime library, normally not needed
 for programs using the statically linked interpreter.

libpython3.10-dbg: Debug Build of the Python Interpreter (version 3.10)

 The package holds two things:
 .
 - Extensions for a Python interpreter configured with --pydebug.
 - Debug information for standard python extensions.
 .
 See the README.debug for more information.

libpython3.10-dev: Header files and a static library for Python (v3.10)

 Header files, a static library and development tools for building
 Python (v3.10) modules, extending the Python interpreter or embedding
 Python (v3.10) in applications.
 .
 Maintainers of Python packages should read README.maintainers.
 .
 This package contains development files. It is normally not
 used on it's own, but as a dependency of python3.10-dev.

libpython3.10-minimal: Minimal subset of the Python language (version 3.10)

 This package contains some essential modules. It is normally not
 used on it's own, but as a dependency of python3.10-minimal.

libpython3.10-stdlib: Interactive high-level object-oriented language (standard library, version 3.10)

 Python is a high-level, interactive, object-oriented language. Its 3.10 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains Python 3.10's standard library. It is normally not
 used on its own, but as a dependency of python3.10.

libpython3.10-testsuite: Testsuite for the Python standard library (v3.10)

 The complete testsuite for the Python standard library. Note that
 a subset is found in the libpython3.10-stdlib package, which should
 be enough for other packages to use (please do not build-depend
 on this package, but file a bug report to include additional
 testsuite files in the libpython3.10-stdlib package).

python3.10: Interactive high-level object-oriented language (version 3.10)

 Python is a high-level, interactive, object-oriented language. Its 3.10 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.

python3.10-dbg: Debug Build of the Python Interpreter (version 3.10)

 The package holds two things:
 .
 - A Python interpreter configured with --pydebug. Dynamically loaded modules
   are searched as <foo>_d.so first. Third party extensions need a separate
   build to be used by this interpreter.
 - Debug information for standard python interpreter and extensions.
 .
 See the README.debug for more information.

python3.10-dev: Header files and a static library for Python (v3.10)

 Header files, a static library and development tools for building
 Python (v3.10) modules, extending the Python interpreter or embedding
 Python (v3.10) in applications.
 .
 Maintainers of Python packages should read README.maintainers.

python3.10-doc: Documentation for the high-level object-oriented language Python (v3.10)

 These is the official set of documentation for the interactive high-level
 object-oriented language Python (v3.10). All documents are provided
 in HTML format. The package consists of ten documents:
 .
   * What's New in Python3.10
   * Tutorial
   * Python Library Reference
   * Macintosh Module Reference
   * Python Language Reference
   * Extending and Embedding Python
   * Python/C API Reference
   * Installing Python Modules
   * Documenting Python
   * Distributing Python Modules

python3.10-examples: Examples for the Python language (v3.10)

 Examples, Demos and Tools for Python (v3.10). These are files included in
 the upstream Python distribution (v3.10).

python3.10-full: Python Interpreter with complete class library (version 3.10)

 Python, the high-level, interactive object oriented language,
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package is a dependency package, which depends on the full
 standard library of Python for Python developers. Including modules
 used only at build-time, such as venv and distutils, and modules with
 complex dependencies, such as tk and IDLE. All batteries included.
 .
 According to the Debian Python policy, this package must not be used in
 build dependencies, dependencies and recommendations.

python3.10-minimal: Minimal subset of the Python language (version 3.10)

 This package contains the interpreter and some essential modules. It can
 be used in the boot process for some basic tasks.
 See /usr/share/doc/python3.10-minimal/README.Debian for a list of the modules
 contained in this package.

python3.10-nopie: Python interpreter linked without PIE (version 3.10)

 This package contains the interpreter not built as position independent
 executable. This interpreter is diverting the python3.10 executable, and making
 the interpreter built with PIE available as python3.10-pie.

python3.10-venv: Interactive high-level object-oriented language (pyvenv binary, version 3.10)

 Python is a high-level, interactive, object-oriented language. Its 3.10 version
 includes an extensive class library with lots of goodies for
 network programming, system administration, sounds and graphics.
 .
 This package contains the pyvenv-3.10 binary.