Launchpad.net

CVE 2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Related bugs and status

CVE-2020-8492 (Candidate) is related to these bugs:

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

Bug #1867157: Improve command-not-found package headers

		In	Importance	Status
1867157	Improve command-not-found package headers	python-defaults (Ubuntu)	Undecided	Fix Released
1867157	Improve command-not-found package headers	python3-defaults (Ubuntu)	Undecided	Fix Released
1867157	Improve command-not-found package headers	python2.7 (Ubuntu)	Undecided	Fix Released
1867157	Improve command-not-found package headers	python3.8 (Ubuntu)	Undecided	Fix Released

Bug #1889218: SRU: backport Python 3.8.5 to 20.04 LTS

		In	Importance	Status
1889218	SRU: backport Python 3.8.5 to 20.04 LTS	python3-stdlib-extensions (Ubuntu)	Undecided	Fix Released
1889218	SRU: backport Python 3.8.5 to 20.04 LTS	python3.8 (Ubuntu)	Undecided	Fix Released
1889218	SRU: backport Python 3.8.5 to 20.04 LTS	python3-stdlib-extensions (Ubuntu Focal)	Undecided	Fix Released
1889218	SRU: backport Python 3.8.5 to 20.04 LTS	python3.8 (Ubuntu Focal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-8492

Related bugs and status

Related bugs

References