From db1dd6d8da32810106a00edf273e729d5905dd9b Mon Sep 17 00:00:00 2001 From: Wen Heping Date: Sat, 19 Oct 2019 09:52:18 +0000 Subject: [PATCH] - Document python37 multiple vulnerabilities. --- security/vuxml/vuln.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 4c69b4a4e487..3202aa0b0b44 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,41 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + python 3.7 -- multiple vulnerabilities + + + python37 + 3.7.5 + + + + +

Python changelog:

+
+

bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering + the document page as HTML.

+

bpo-38174: Update vendorized expat library version to 2.2.8, which resolves + CVE-2019-15903.

+

bpo-37764: Fixes email._header_value_parser.get_unstructured going into an infinite + loop for a specific case in which the email header does not have trailing whitespace, + and the case in which it contains an invalid encoded word.

+

bpo-37461: Fix an infinite loop when parsing specially crafted email headers.

+

bpo-34155: Fix parsing of invalid email addresses with more than one @ + (e.g. a@b@c.com.) to not return the part before 2nd @ as valid email address.

+
+ +
+ + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-5-final + CVE-2019-15903 + + + 2019-09-14 + 2019-10-19 + +
+ Pillow -- Allocation of resources without limits or throttling
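Review bot: the references at the end of the new python37 entry carry only the changelog URL and CVE-2019-15903, which covers just the bpo-38174 expat update. The other four items quoted in the description (bpo-38243, bpo-37764, bpo-37461, bpo-34155) have no identifier there, so anything that matches entries by CVE name will treat this as a single-issue entry. If any of those issues has a CVE assigned, add it to the references; otherwise a per-issue URL would let readers trace each fix. The package list names only python37, and the file's own note just above the entry says not to forget port variants, so please confirm no other Python port needs to be listed for these fixes.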