ELA-1138-1 python3.4 security update

multiple vulnerabilities

2024-07-23
Package: python3.4
Version: 3.4.2-1+deb8u18 (jessie)
Related CVEs: CVE-2024-4032 CVE-2024-5642


Multiple vulnerabilities have been fixed in the Python 3 interpreter.

CVE-2024-4032

Incorrect information about private addresses in the ipaddress module

CVE-2024-5642

NPN buffer overread when passing an empty list to SSLContext.set_npn_protocols()

Note that the CVE-2024-5642 fix disables NPN (Next Protocol Negotiation) in the ssl module. NPN is a TLS extension for the obsolete SPDY protocol (HTTP/2 is the successor to SPDY).



For Debian 8 jessie, these problems have been fixed in version 3.4.2-1+deb8u18.

We recommend that you upgrade your python3.4 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.