* DISPUTED * Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "python3.5-dev": "3.5.2-2ubuntu0~16.04.13+esm5", "libpython3.5-minimal-dbgsym": "3.5.2-2ubuntu0~16.04.13+esm5", "libpython3.5-dbgsym": "3.5.2-2ubuntu0~16.04.13+esm5", "libpython3.5-dbg": "3.5.2-2ubuntu0~16.04.13+esm5", "libpython3.5-minimal": "3.5.2-2ubuntu0~16.04.13+esm5", "libpython3.5-stdlib": "3.5.2-2ubuntu0~16.04.13+esm5", "libpython3.5": "3.5.2-2ubuntu0~16.04.13+esm5", "python3.5-minimal": "3.5.2-2ubuntu0~16.04.13+esm5", "idle-python3.5": "3.5.2-2ubuntu0~16.04.13+esm5", "python3.5-venv": "3.5.2-2ubuntu0~16.04.13+esm5", "python3.5-examples": "3.5.2-2ubuntu0~16.04.13+esm5", "python3.5": "3.5.2-2ubuntu0~16.04.13+esm5", "libpython3.5-dev": "3.5.2-2ubuntu0~16.04.13+esm5", "libpython3.5-stdlib-dbgsym": "3.5.2-2ubuntu0~16.04.13+esm5", "python3.5-dbg": "3.5.2-2ubuntu0~16.04.13+esm5", "python3.5-doc": "3.5.2-2ubuntu0~16.04.13+esm5", "libpython3.5-testsuite": "3.5.2-2ubuntu0~16.04.13+esm5", "libpython3.5-dev-dbgsym": "3.5.2-2ubuntu0~16.04.13+esm5" } ], "priority_reason": "Works as documented, and disputed as being a security issue" }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "libpython3.9": "3.9.5-3ubuntu0~20.04.1+esm1", "libpython3.9-stdlib": "3.9.5-3ubuntu0~20.04.1+esm1", "python3.9-dbg": "3.9.5-3ubuntu0~20.04.1+esm1", "python3.9-venv": "3.9.5-3ubuntu0~20.04.1+esm1", "libpython3.9-dbg": "3.9.5-3ubuntu0~20.04.1+esm1", "idle-python3.9": "3.9.5-3ubuntu0~20.04.1+esm1", "python3.9": "3.9.5-3ubuntu0~20.04.1+esm1", "libpython3.9-minimal": "3.9.5-3ubuntu0~20.04.1+esm1", "python3.9-dev": "3.9.5-3ubuntu0~20.04.1+esm1", "python3.9-examples": "3.9.5-3ubuntu0~20.04.1+esm1", "libpython3.9-dev": "3.9.5-3ubuntu0~20.04.1+esm1", "libpython3.9-testsuite": "3.9.5-3ubuntu0~20.04.1+esm1", "python3.9-doc": "3.9.5-3ubuntu0~20.04.1+esm1", "python3.9-full": "3.9.5-3ubuntu0~20.04.1+esm1", "python3.9-minimal": "3.9.5-3ubuntu0~20.04.1+esm1" } ], "priority_reason": "Works as documented, and disputed as being a security issue" }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libpython3.10": "3.10.6-1~22.04.1", "python3.10": "3.10.6-1~22.04.1", "libpython3.10-stdlib": "3.10.6-1~22.04.1", "python3.10-examples": "3.10.6-1~22.04.1", "libpython3.10-dev": "3.10.6-1~22.04.1", "python3.10-dev": "3.10.6-1~22.04.1", "python3.10-doc": "3.10.6-1~22.04.1", "python3.10-nopie": "3.10.6-1~22.04.1", "libpython3.10-testsuite": "3.10.6-1~22.04.1", "python3.10-venv": "3.10.6-1~22.04.1", "libpython3.10-minimal": "3.10.6-1~22.04.1", "python3.10-full": "3.10.6-1~22.04.1", "python3.10-dbg": "3.10.6-1~22.04.1", "idle-python3.10": "3.10.6-1~22.04.1", "python3.10-minimal": "3.10.6-1~22.04.1", "libpython3.10-dbg": "3.10.6-1~22.04.1" } ], "priority_reason": "Works as documented, and disputed as being a security issue" }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "python3.11-minimal": "3.11.0~rc1-1~22.04", "python3.11-examples": "3.11.0~rc1-1~22.04", "python3.11": "3.11.0~rc1-1~22.04", "idle-python3.11": "3.11.0~rc1-1~22.04", "libpython3.11-dev": "3.11.0~rc1-1~22.04", "python3.11-dbg": "3.11.0~rc1-1~22.04", "libpython3.11-dbg": "3.11.0~rc1-1~22.04", "libpython3.11": "3.11.0~rc1-1~22.04", "libpython3.11-testsuite": "3.11.0~rc1-1~22.04", "libpython3.11-minimal": "3.11.0~rc1-1~22.04", "python3.11-dev": "3.11.0~rc1-1~22.04", "python3.11-full": "3.11.0~rc1-1~22.04", "python3.11-venv": "3.11.0~rc1-1~22.04", "libpython3.11-stdlib": "3.11.0~rc1-1~22.04", "python3.11-doc": "3.11.0~rc1-1~22.04", "python3.11-nopie": "3.11.0~rc1-1~22.04" } ], "priority_reason": "Works as documented, and disputed as being a security issue" }