security-announce: openSUSE-SU-2020:0436-1: moderate: Security update for python-nltk
openSUSE Security Update: Security update for python-nltk
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0436-1
Rating: moderate
References: #1146427
Cross-References: CVE-2019-14751
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-nltk fixes the following issues:
Update to 3.4.5 (boo#1146427, CVE-2019-14751):
* CVE-2019-14751: Fixed Zip slip vulnerability in downloader for the
unlikely situation where a user configures their downloader to use a
compromised server (boo#1146427)
Update to 3.4.4:
* fix bug in plot function (probability.py)
* add improved PanLex Swadesh corpus reader
* add Text.generate()
* add QuadgramAssocMeasures
* add SSP to tokenizers
* return confidence of best tag from AveragedPerceptron
* make plot methods return Axes objects
* don't require list arguments to PositiveNaiveBayesClassifier.train
* fix Tree classes to work with native Python copy library
* fix inconsistency for NomBank
* fix random seeding in LanguageModel.generate
* fix ConditionalFreqDist mutation on tabulate/plot call
* fix broken links in documentation
* fix misc Wordnet issues
* update installation instructions
Version update to 3.4.1:
* add chomsky_normal_form for CFGs
* add meteor score
* add minimum edit/Levenshtein distance based alignment function
* allow access to collocation list via text.collocation_list()
* support corenlp server options
* drop support for Python 3.4
* other minor fixes
Update to v3.4:
* Support Python 3.7
* New Language Modeling package
* Cistem Stemmer for German
* Support Russian National Corpus incl POS tag model
* Krippendorf Alpha inter-rater reliability test
* Comprehensive code clean-ups
* Switch continuous integration from Jenkins to Travis
Updated to v3.3:
* Support Python 3.6
* New interface to CoreNLP
* Support synset retrieval by sense key
* Minor fixes to CoNLL Corpus Reader
* AlignedSent
* Fixed minor inconsistencies in APIs and API documentation
* Better conformance to PEP8
* Drop Moses Tokenizer (incompatible license)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-436=1
Package List:
- openSUSE Leap 15.1 (noarch):
python2-nltk-3.4.5-lp151.4.3.1
python3-nltk-3.4.5-lp151.4.3.1
References:
https://www.suse.com/security/cve/CVE-2019-14751.html
https://bugzilla.suse.com/1146427
A python-nltk security update has been released for SUSE Linux Enterprise 15 SP1.