CVE-2018-1061

Priority
Description
Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is
vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.
An attacker could use this flaw to cause a denial of service.
Assigned-to
mdeslaur
Notes
mdeslaur: same commits as CVE-2018-1060
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (2.7.3-0ubuntu3.11)
Ubuntu 14.04 ESM (Trusty Tahr): released (2.7.6-8ubuntu0.5)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.7.12-1ubuntu0~16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (2.7.15~rc1-1)
Ubuntu 19.04 (Disco Dingo): not-affected (2.7.15-4ubuntu1)
Ubuntu 19.10 (Eoan Ermine): not-affected (2.7.15-4ubuntu1)
Ubuntu 20.04 (Focal Fossa): not-affected (2.7.15-4ubuntu1)
Patches:
Upstream: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): released (3.4.3-1ubuntu1~14.04.7)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Patches:
Upstream: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): released (3.5.2-2ubuntu0~16.04.5)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Patches:
Upstream: https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (3.6.6-1~18.04)
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Patches:
Upstream: https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (3.7.0~b3-1)
Ubuntu 19.04 (Disco Dingo): not-affected (3.7.0-1)
Ubuntu 19.10 (Eoan Ermine): not-affected (3.7.0-1)
Ubuntu 20.04 (Focal Fossa): not-affected (3.7.0-1)
Patches:
Upstream: https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143

Updated: 2019-12-05 19:52:07 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)