Format: 1.8 Date: Sun, 28 Apr 2024 23:42:26 +0100 Source: python3.12 Built-For-Profiles: noudeb Architecture: source Version: 3.12.0-1ubuntu0.1 Distribution: mantic-security Urgency: medium Maintainer: Ubuntu Core Developers Changed-By: Allen Huang Changes: python3.12 (3.12.0-1ubuntu0.1) mantic-security; urgency=medium . * SECURITY UPDATE: improper privilege management - debian/patches/CVE-2023-6507.patch: Restore `subprocess`'s intended use of `vfork()` by default. - CVE-2023-6507 * SECURITY UPDATE: incorrect permission assignment - debian/patches/CVE-2023-6597.patch: fix symlink bug in cleanup. - CVE-2023-6597 * SECURITY UPDATE: Zip-Bombs with overlap entries - debian/patches/CVE-2024-0450.patch: Protect zipfile from "quoted-overlap" zipbomb. Raise BadZipFile when try to read an entry that overlaps with other entry or central directory. - CVE-2024-0450 Checksums-Sha1: 8fdaed9d4af84a1152e38a47a7ad4a6b09252559 3781 python3.12_3.12.0-1ubuntu0.1.dsc 1e0096854231712ea3ccc296f5622c9e95612a14 216712 python3.12_3.12.0-1ubuntu0.1.debian.tar.xz d9415e5142c6e5b5b1f0cf0a4b23d995bb60cc22 10531 python3.12_3.12.0-1ubuntu0.1_source.buildinfo Checksums-Sha256: 7c4096034672feff1cbb6c54cf00ae1ecee26638ec77352b5ef9a5c137b1fb4b 3781 python3.12_3.12.0-1ubuntu0.1.dsc b4b9db0f9db3ccc351b27c51166cabbd1176dfe967cf6310ed91e1192d396e44 216712 python3.12_3.12.0-1ubuntu0.1.debian.tar.xz 555e436c0a9aa5a20d31fa32a98caf652577a891490be3bb08dcb92290cf11e5 10531 python3.12_3.12.0-1ubuntu0.1_source.buildinfo Files: 36ccaa57b4806166ccc1d6402241c36b 3781 python optional python3.12_3.12.0-1ubuntu0.1.dsc 19fc0fc1c85ed7c2e31b76e4b66fe5ce 216712 python optional python3.12_3.12.0-1ubuntu0.1.debian.tar.xz 3e7a24d3ef89fa82106bce80e9ad3647 10531 python optional python3.12_3.12.0-1ubuntu0.1_source.buildinfo Original-Maintainer: Matthias Klose