{"id":"MGASA-2018-0270","summary":"Updated python3 packages fix security vulnerabilities","details":"Updated python3 packages fix security vulnerabilities:\n\nA flaw was found in the way catastrophic backtracking was implemented in\nPython's pop3lib's apop() method. An attacker could use this flaw to cause\ndenial of service (CVE-2018-1060).\n\nA flaw was found in the way catastrophic backtracking was implemented in\nPython's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause\ndenial of service (CVE-2018-1061).\n\nPossible denial of service vulnerability due to a missing check in Lib/wave.py\nto verify that at least one channel is provided (CVE-2017-18207).\n","modified":"2026-04-16T01:45:28.355186101Z","published":"2018-06-04T15:11:47Z","upstream":["CVE-2017-18207","CVE-2018-1060","CVE-2018-1061"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0270.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22983"},{"type":"WEB","url":"https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6WVU6LVRWETHDLXB6T3636AYNKVHPASB/"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-04/msg00041.html"}],"affected":[{"package":{"name":"python3","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/python3?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.3-1.7.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0270.json"}},{"package":{"name":"python3","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/python3?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.3-1.4.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0270.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}