ELA-1137-1 python3.5 security update

multiple vulnerabilities

2024-07-23
Package: python3.5
Version: 3.5.3-1+deb9u10 (stretch)
Related CVEs: CVE-2024-0397 CVE-2024-4032 CVE-2024-5642


Multiple vulnerabilities have been fixed in the Python 3 interpreter.

CVE-2024-0397

Race condition in ssl.SSLContext

CVE-2024-4032

Incorrect information about private addresses in the ipaddress module

CVE-2024-5642

NPN buffer overread when using empty list in SSLContext.set_npn_protocols()

Note that the CVE-2024-5642 fix disables NPN (Next Protocol Negotiation) in the ssl module. NPN is a TLS extension for the obsolete SPDY protocol (HTTP/2 is the successor to SPDY). Support for ALPN, the successor to NPN that is used for HTTP/2, continues to be available.
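Because NPN is disabled by this update, code that still references the NPN API should be moved to ALPN. The following added example (not part of the advisory or of the Debian package) scans Python source for NPN references and reports the ALPN counterpart; the function name find_npn_usage and the sample source are constructed for illustration.

```python
import ast

# NPN names in the ssl module and their ALPN counterparts
# (the ALPN names are available in the ssl module since Python 3.5).
NPN_TO_ALPN = {
    "set_npn_protocols": "set_alpn_protocols",
    "selected_npn_protocol": "selected_alpn_protocol",
    "HAS_NPN": "HAS_ALPN",
}

def find_npn_usage(source, filename="<string>"):
    """Return sorted (line, npn_name, alpn_name, note) tuples for NPN references."""
    tree = ast.parse(source, filename=filename)
    # Map each called expression to its Call node so arguments can be inspected.
    calls = {id(n.func): n for n in ast.walk(tree) if isinstance(n, ast.Call)}
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute):
            name = node.attr
        elif isinstance(node, ast.Name):
            name = node.id
        else:
            continue
        if name not in NPN_TO_ALPN:
            continue
        note = ""
        call = calls.get(id(node))
        if name == "set_npn_protocols" and call is not None and call.args:
            arg = call.args[0]
            # A literal empty list/tuple is the condition named in CVE-2024-5642.
            if isinstance(arg, (ast.List, ast.Tuple)) and not arg.elts:
                note = "empty protocol list (CVE-2024-5642 condition)"
        findings.append((node.lineno, name, NPN_TO_ALPN[name], note))
    return sorted(findings)

# Constructed sample input: a module that mixes NPN and ALPN calls.
SAMPLE = '''\
import ssl

ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
if ssl.HAS_NPN:
    ctx.set_npn_protocols([])
ctx.set_alpn_protocols(["h2", "http/1.1"])

def negotiated(sock):
    return sock.selected_npn_protocol() or sock.selected_alpn_protocol()
'''

if __name__ == "__main__":
    for line, old, new, note in find_npn_usage(SAMPLE):
        print("line %d: %s -> %s %s" % (line, old, new, note))
```

The scan is purely syntactic, so names reached through getattr() or aliases are not found and need a manual search.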



For Debian 9 stretch, these problems have been fixed in version 3.5.3-1+deb9u10.

We recommend that you upgrade your python3.5 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.