
A python-nltk security update has been released for SUSE Linux Enterprise 15 SP2.



openSUSE-SU-2022:10040-1: moderate: Security update for python-nltk


openSUSE Security Update: Security update for python-nltk
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:10040-1
Rating: moderate
References: #1146427 #1191030
Cross-References: CVE-2019-14751 CVE-2021-3828
CVSS scores:
CVE-2019-14751 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2021-3828 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for python-nltk fixes the following issues:

- Update to 3.7

- Improve and update the NLTK team page on nltk.org (#2855, #2941)
- Drop support for Python 3.6, support Python 3.10 (#2920)

- Update to 3.6.7

- Resolve IndexError in `sent_tokenize` and `word_tokenize` (#2922)

- Update to 3.6.6

- Refactor `gensim.doctest` to work for gensim 4.0.0 and up (#2914)
- Add Precision, Recall, F-measure, Confusion Matrix to Taggers (#2862)
- Added warnings if .zip files exist without any corresponding .csv
files. (#2908)
- Fix `FileNotFoundError` when the `download_dir` is a non-existing
nested folder (#2910)
- Rename omw to omw-1.4 (#2907)
- Resolve ReDoS opportunity by fixing incorrectly specified regex
(#2906, boo#1191030, CVE-2021-3828).
- Support OMW 1.4 (#2899)
- Deprecate Tree get and set node methods (#2900)
- Fix broken inaugural test case (#2903)
- Use Multilingual Wordnet Data from OMW with newer Wordnet versions
(#2889)
- Keep NLTK's "tokenize" module working with pathlib (#2896)
- Make prettyprinter more readable (#2893)
- Update links to the nltk book (#2895)
- Add `CITATION.cff` to nltk (#2880)
- Resolve serious ReDoS in PunktSentenceTokenizer (#2869)
- Delete old CI config files (#2881)
- Improve Tokenize documentation + add TokenizerI as superclass for
TweetTokenizer (#2878)
- Fix expected value for BLEU score doctest after changes from #2572
- Add multi Bleu functionality and tests (#2793)
- Deprecate 'return_str' parameter in NLTKWordTokenizer and
TreebankWordTokenizer (#2883)
- Allow empty string in CFG's + more (#2888)
- Partition `tree.py` module into `tree` package + pickle fix (#2863)
- Fix several TreebankWordTokenizer and NLTKWordTokenizer bugs (#2877)
- Rewind Wordnet data file after each lookup (#2868)
- Correct __init__ call for SyntaxCorpusReader subclasses (#2872)
- Documentation fixes (#2873)
- Fix Levenshtein distance for duplicated letters (#2849)
- Support alternative Wordnet versions (#2860)
- Remove hundreds of formatting warnings for nltk.org (#2859)
- Modernize `nltk.org/howto` pages (#2856)
- Fix Bleu Score smoothing function from taking log(0) (#2839)
- Update third party tools to newer versions and remove MaltParser
fixed version (#2832)
- Fix TypeError: _pretty() takes 1 positional argument but 2 were given
in sem/drt.py (#2854)
- Replace `http` with `https` in most URLs (#2852)

- Update to 3.6.5

- modernised nltk.org website
- addressed LGTM.com issues
- support ZWJ sequences emoji and skin tone modifier emoji in
TweetTokenizer
- METEOR evaluation now requires pre-tokenized input
- Code linting and type hinting
- implement get_refs function for DrtLambdaExpression
- Enable automated CoreNLP, Senna, Prover9/Mace4, Megam, MaltParser CI
tests
- specify minimum regex version that supports regex.Pattern
- avoid re.Pattern and regex.Pattern which fail for Python 3.6, 3.7

- Update to 3.6.4

- deprecate `nltk.usage(obj)` in favor of `help(obj)`
- resolve ReDoS vulnerability in Corpus Reader
- solidify performance tests
- improve phone number recognition in tweet tokenizer
- refactored CISTEM stemmer for German
- identify NLTK Team as the author
- replace travis badge with github actions badge
- add SECURITY.md

- Update to 3.6.3

- Dropped support for Python 3.5
- Run CI tests on Windows, too
- Moved from Travis CI to GitHub Actions
- Code and comment cleanups
- Visualize WordNet relation graphs using Graphviz
- Fixed large error in METEOR score
- Apply isort, pyupgrade, black, added as pre-commit hooks
- Prevent debug_decisions in Punkt from throwing IndexError
- Resolved ZeroDivisionError in RIBES with dissimilar sentences
- Initialize WordNet IC total counts with smoothing value
- Fixed AttributeError for Arabic ARLSTem2 stemmer
- Many fixes and improvements to lm language model package
- Fix bug in nltk.metrics.aline, C_skip = -10
- Improvements to TweetTokenizer
- Optional show arg for FreqDist.plot, ConditionalFreqDist.plot
- edit_distance now computes Damerau-Levenshtein edit-distance

- Update to 3.6.2

- move test code to nltk/test
- fix bug in NgramAssocMeasures (order preserving fix)

- Update to 3.6

- add support for Python 3.9
- add Tree.fromlist
- compute Minimum Spanning Tree of unweighted graph using BFS
- fix bug with infinite loop in Wordnet closure and tree
- fix bug in calculating BLEU using smoothing method 4
- Wordnet synset similarities work for all pos
- new Arabic light stemmer (ARLSTem2)
- new syllable tokenizer (LegalitySyllableTokenizer)
- remove nose in favor of pytest

- Update to v3.5

* add support for Python 3.8
* drop support for Python 2
* create NLTK's own Tokenizer class distinct from the Treebank reference
tokeniser
* update Vader sentiment analyser
* fix JSON serialization of some PoS taggers
* minor improvements in grammar.CFG, Vader, pl196x corpus reader,
StringTokenizer
* change implementation = for FreqDist so they are partial
orders
* make FreqDist iterable
* correctly handle Penn Treebank trees with an unlabeled branching top
node

- Update to 3.4.5 (boo#1146427, CVE-2019-14751):

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2022-10040=1


Package List:

- openSUSE Backports SLE-15-SP2 (noarch):

python3-nltk-3.7-bp152.3.3.1

References:

  https://www.suse.com/security/cve/CVE-2019-14751.html
  https://www.suse.com/security/cve/CVE-2021-3828.html
  https://bugzilla.suse.com/1146427
  https://bugzilla.suse.com/1191030
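
The zypper patch only updates the RPM; nltk copies installed with pip (for example in virtualenvs) keep their own version. The following added example, which is not part of the SUSE advisory, reports which of the two CVEs a given upstream nltk version still carries, using the fix versions named in the changelog above (3.4.5 for CVE-2019-14751, 3.6.6 for CVE-2021-3828). The function names are hypothetical, and the check compares upstream version numbers only, so it does not account for distribution backports.

```python
import re
from importlib import metadata

# Upstream versions that carry each fix, as listed in the advisory changelog.
FIXED_IN = {
    "CVE-2019-14751": (3, 4, 5),
    "CVE-2021-3828": (3, 6, 6),
}


def parse_version(text):
    """Parse '3.6.5', 'v3.5' or '3.7-bp152.3.3.1' into ((major, minor, patch), prerelease)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    numeric = tuple((parts + [0, 0, 0])[:3])
    # A suffix such as 'rc1', 'b2' or '.dev0' marks a build older than the release itself.
    prerelease = bool(re.match(r"\.?(a|b|rc|dev)\d", m.group(2)))
    return numeric, prerelease


def unfixed_cves(version_text):
    """Return the CVEs from this advisory that the given nltk version does not yet fix."""
    version, prerelease = parse_version(version_text)
    return sorted(
        cve
        for cve, fixed in FIXED_IN.items()
        if version < fixed or (version == fixed and prerelease)
    )


def installed_nltk_version():
    """Version of nltk visible to the running interpreter, or None if absent."""
    try:
        return metadata.version("nltk")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    found = installed_nltk_version()
    if found is None:
        print("nltk is not installed in this environment")
    else:
        remaining = unfixed_cves(found)
        print(f"nltk {found}:", ", ".join(remaining) or "both CVEs fixed")
```

Run it with each interpreter or virtualenv that may import nltk, since each one resolves its own copy.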