SUSE 5144 Published by

A python-nltk security update has been released for SUSE Linux Enterprise 15 SP1.



security-announce: openSUSE-SU-2020:0436-1: moderate: Security update for python-nltk


openSUSE Security Update: Security update for python-nltk
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0436-1
Rating: moderate
References: #1146427
Cross-References: CVE-2019-14751
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-nltk fixes the following issues:

Update to 3.4.5 (boo#1146427, CVE-2019-14751):

* CVE-2019-14751: Fixed Zip slip vulnerability in downloader for the
unlikely situation where a user configures their downloader to use a
compromised server (boo#1146427)

Update to 3.4.4:

* fix bug in plot function (probability.py)
* add improved PanLex Swadesh corpus reader
* add Text.generate()
* add QuadgramAssocMeasures
* add SSP to tokenizers
* return confidence of best tag from AveragedPerceptron
* make plot methods return Axes objects
* don't require list arguments to PositiveNaiveBayesClassifier.train
* fix Tree classes to work with native Python copy library
* fix inconsistency for NomBank
* fix random seeding in LanguageModel.generate
* fix ConditionalFreqDist mutation on tabulate/plot call
* fix broken links in documentation
* fix misc Wordnet issues
* update installation instructions

Version update to 3.4.1:

* add chomsky_normal_form for CFGs
* add meteor score
* add minimum edit/Levenshtein distance based alignment function
* allow access to collocation list via text.collocation_list()
* support corenlp server options
* drop support for Python 3.4
* other minor fixes

Update to v3.4:

* Support Python 3.7
* New Language Modeling package
* Cistem Stemmer for German
* Support Russian National Corpus incl POS tag model
* Krippendorf Alpha inter-rater reliability test
* Comprehensive code clean-ups
* Switch continuous integration from Jenkins to Travis

Updated to v3.3:

* Support Python 3.6
* New interface to CoreNLP
* Support synset retrieval by sense key
* Minor fixes to CoNLL Corpus Reader
* AlignedSent
* Fixed minor inconsistencies in APIs and API documentation
* Better conformance to PEP8
* Drop Moses Tokenizer (incompatible license)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-436=1


Package List:

- openSUSE Leap 15.1 (noarch):

python2-nltk-3.4.5-lp151.4.3.1
python3-nltk-3.4.5-lp151.4.3.1

References:

  https://www.suse.com/security/cve/CVE-2019-14751.html
  https://bugzilla.suse.com/1146427