python

Description: Next generation of the python high-level scripting language
Version: 3.9.9-1 [core]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1913 | 3.9.4-1 | 3.9.5-1 | Medium | Fixed | |
| AVG-1675 | 3.9.2-1 | 3.9.3-1 | Medium | Fixed | |
| AVG-1465 | 3.9.1-2 | 3.9.2-1 | Medium | Fixed | |
| AVG-977 | 3.7.2-1 | 3.7.3-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-29921 | AVG-1913 | Medium | Yes | Insufficient validation | Improper input validation of octal strings in Python stdlib ipaddress before version 3.9.5 allows unauthenticated remote attackers to perform indeterminate... |
| CVE-2021-23336 | AVG-1465 | Medium | Yes | Url request injection | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable... |
| CVE-2021-3426 | AVG-1675 | Medium | Yes | Information disclosure | A security issue was found in Python. Running "pydoc -p" allows any user to read arbitrary files on the filesystem by accessing "/getfile?key=path" over HTTP. |
| CVE-2021-3177 | AVG-1465 | Medium | Yes | Arbitrary code execution | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications... |
| CVE-2019-9636 | AVG-977 | High | Yes | Information disclosure | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 27 Feb 2021 | ASA-202102-37 | AVG-1465 | Medium | multiple issues |
| 18 Jun 2019 | ASA-201906-17 | AVG-977 | High | information disclosure |