PublicDateAtUSN: 2020-10-22 03:16:00 UTC Candidate: CVE-2020-27619 PublicDate: 2020-10-22 03:16:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619 https://ubuntu.com/security/notices/USN-4754-1 https://ubuntu.com/security/notices/USN-4754-3 Description: In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. Ubuntu-Description: Notes: Mitigation: Bugs: https://bugs.python.org/issue41944 Priority: low Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL] Patches_python2.7: upstream_python2.7: not-affected precise/esm_python2.7: not-affected trusty_python2.7: ignored (out of standard support) trusty/esm_python2.7: not-affected xenial_python2.7: not-affected esm-infra/xenial_python2.7: not-affected bionic_python2.7: not-affected focal_python2.7: not-affected groovy_python2.7: not-affected hirsute_python2.7: not-affected impish_python2.7: not-affected jammy_python2.7: not-affected devel_python2.7: not-affected Patches_python3.4: upstream_python3.4: needs-triage precise/esm_python3.4: DNE trusty_python3.4: ignored (out of standard support) trusty/esm_python3.4: released (3.4.3-1ubuntu1~14.04.7+esm10) xenial_python3.4: DNE bionic_python3.4: DNE focal_python3.4: DNE groovy_python3.4: DNE hirsute_python3.4: DNE impish_python3.4: DNE jammy_python3.4: DNE devel_python3.4: DNE Patches_python3.5: upstream_python3.5: needs-triage precise/esm_python3.5: DNE trusty_python3.5: ignored (out of standard support) trusty/esm_python3.5: needs-triage xenial_python3.5: released (3.5.2-2ubuntu0~16.04.13) esm-infra/xenial_python3.5: released (3.5.2-2ubuntu0~16.04.13) bionic_python3.5: DNE focal_python3.5: DNE groovy_python3.5: DNE hirsute_python3.5: DNE impish_python3.5: DNE jammy_python3.5: DNE devel_python3.5: DNE Patches_python3.6: upstream: https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b (3.6) upstream_python3.6: needs-triage precise/esm_python3.6: DNE trusty_python3.6: DNE trusty/esm_python3.6: DNE xenial_python3.6: DNE bionic_python3.6: released (3.6.9-1~18.04ubuntu1.4) focal_python3.6: DNE groovy_python3.6: DNE hirsute_python3.6: DNE impish_python3.6: DNE jammy_python3.6: DNE devel_python3.6: DNE Patches_python3.7: upstream: https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9 (3.7) upstream_python3.7: needs-triage precise/esm_python3.7: DNE trusty_python3.7: DNE trusty/esm_python3.7: DNE xenial_python3.7: DNE bionic_python3.7: released (3.7.5-2~18.04.4) focal_python3.7: DNE groovy_python3.7: DNE hirsute_python3.7: DNE impish_python3.7: DNE jammy_python3.7: DNE devel_python3.7: DNE Patches_python3.8: upstream: https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33 (3.8) upstream_python3.8: needs-triage precise/esm_python3.8: DNE trusty_python3.8: DNE trusty/esm_python3.8: DNE xenial_python3.8: DNE bionic_python3.8: released (3.8.0-3~18.04.1) focal_python3.8: released (3.8.5-1~20.04.2) groovy_python3.8: released (3.8.6-1ubuntu0.2) hirsute_python3.8: DNE impish_python3.8: DNE jammy_python3.8: DNE devel_python3.8: DNE Patches_python3.9: upstream: https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794 (3.9) upstream_python3.9: needs-triage precise/esm_python3.9: DNE trusty_python3.9: DNE trusty/esm_python3.9: DNE xenial_python3.9: DNE bionic_python3.9: DNE focal_python3.9: not-affected (3.9.0-5~20.04) groovy_python3.9: not-affected (3.9.0-5) hirsute_python3.9: not-affected (3.9.0-5) impish_python3.9: not-affected (3.9.0-5) jammy_python3.9: DNE devel_python3.9: DNE