A python3.4 security update has been released for Debian GNU/Linux 8 Extended LTS to address two security issues.
ELA-289-1 python3.4 security update
Package python3.4
ELA-289-1 python3.4 security update
Version 3.4.2-1+deb8u9
Related CVEs CVE-2019-20907 CVE-2020-26116
Two issues have been found in Python 3.4, an interactive high-level object-oriented language.
CVE-2019-20907 Avoid infinite loop with crafted tar file by improving header validation.
CVE-2020-26116 Avoid injection of HTTP headers via the HTTP method without rejecting newline characters.
For Debian 8 jessie, these problems have been fixed in version 3.4.2-1+deb8u9.
We recommend that you upgrade your python3.4 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/.
