Advisory: CLSA-2025:1764872306
OS: Debian 13
Public date: 2025-12-04 18:18:28.600975
Project: python
Version: 3.7.17-5
Errata link: https://errata.tuxcare.com/els_alt_python/debian13/CLSA-2025-1764872306.html
* SECURITY UPDATE: ReDoS in tarfile module when parsing specially crafted tar archive headers
  - debian/patches/CVE-2024-6232.patch: Remove backtracking from tarfile header parsing
* SECURITY UPDATE: DoS due to quadratic time complexity in http.cookies module when parsing quoted cookie values with backslashes
  - debian/patches/CVE-2024-7592.patch: Replace iterative regex search with single-pass substitution to eliminate quadratic complexity
* SECURITY UPDATE: Command injection vulnerability in venv module activation scripts when virtual environment paths contain special shell characters
  - debian/patches/CVE-2024-9287.patch: Properly quote template strings in venv activation scripts
Update command:
  apt-get update
  apt-get --only-upgrade install alt-python*
alt-python37_3.7.17-5_amd64.deb
alt-python37-debug_3.7.17-5_amd64.deb
alt-python37-devel_3.7.17-5_amd64.deb
alt-python37-libs_3.7.17-5_amd64.deb
alt-python37-test_3.7.17-5_amd64.deb
alt-python37-tkinter_3.7.17-5_amd64.deb
alt-python37-tools_3.7.17-5_amd64.deb