Release date:
2024-08-21 17:12:11 UTC
Description:
* SECURITY UPDATE: exploit “quoted-overlap” zip-bombs with a high compression ratio
- debian/patches/CVE-2024-0450.patch: Protect zipfile from "quoted-overlap"
zipbomb
- CVE-2024-0450
* replace TLSv1 by TLSv1.2 since TLSv1 is not supported in the following tests:
- Lib/test/test_ftplib.py
- Lib/test/test_httplib.py
- Lib/test/test_poplib.py
- Lib/test/test_ssl.py
- Lib/test/test_urllib2_localnet.py
Updated packages:
-
idle-python3.5_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_all.deb
sha:0466daebad53ce6fdcb32253e9532a32e74c2bee
-
libpython3.5_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_amd64.deb
sha:30c3eae2cf0d93494c2d887e1b386bb117eab142
-
libpython3.5-dev_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_amd64.deb
sha:a24478d9ed897d93dd5098d2e806de4af1e60aed
-
libpython3.5-minimal_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_amd64.deb
sha:d4fe5cf47a000ad6c80010ad03203b62040a9070
-
libpython3.5-stdlib_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_amd64.deb
sha:ff10d138358d3ce7e237ff611f693fdb19b4858f
-
libpython3.5-testsuite_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_all.deb
sha:5eb0cf68431fda385bf028f06ac517ae3d05c752
-
python3.5_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_amd64.deb
sha:f9bff6b5ad3b0615bfa653f8b12b160573e6fc07
-
python3.5-dev_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_amd64.deb
sha:1961721b116e5ea1ddfc2709d00a946c058084eb
-
python3.5-doc_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_all.deb
sha:0440b6c6c79df5c2d144b26e2add80cb6fb14d92
-
python3.5-examples_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_all.deb
sha:1490b0210e30dfaa7ac15e56469e9af23666c0d6
-
python3.5-minimal_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_amd64.deb
sha:c49d46f3c516f43cdbc3cb308ca6d026a3aaa3ce
-
python3.5-venv_3.5.2-2ubuntu0~16.04.13+tuxcare.els14_amd64.deb
sha:51cfbb5881bc3626b3487ee20a7a02344ef4c5d1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
