| Errata ID | 526 |
|---|---|
| Date | 2018-10-04 |
| Source package | python3.4 |
| Fixed in version | 3.4.2-1+deb8u1 |
| Description | This update addresses the following issues: * Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow (CVE-2017-1000158) * DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) * DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) * Command injection in the shutil module (CVE-2018-1000802) |
| Additional notes | |
| CVE ID | CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-1000802 |
| UCS Bug number | #47874 |
