CVE-2018-1061

Priority
Description
Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is
vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.
An attacker could use this flaw to cause denial of service.
Notes
 mdeslaur> same commits as CVE-2018-1060
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.7.3-0ubuntu3.11)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.7.6-8ubuntu0.5)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.7.12-1ubuntu0~16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.7.15~rc1-1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (2.7.15-4ubuntu1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.7.15-4ubuntu1)
Patches:
Upstream:https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (3.4.3-1ubuntu1~14.04.7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (3.5.2-2ubuntu0~16.04.5)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.6.6-1~18.04)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (3.6.6-4)
Ubuntu 19.04 (Disco Dingo):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.7.0~b3-1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (3.7.0-1)
Ubuntu 19.04 (Disco Dingo):not-affected (3.7.0-1)
Patches:
Upstream:https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143
More Information

Updated: 2018-11-30 01:14:15 UTC (commit c9041f7b293e77b84dbf18bd24125a8a1a5a34e0)