Bug#995226: marked as done (nltk is vulnerable to Inefficient Regular Expression Complexity (CVE-2021-3828))

Sat, 13 Nov 2021 10:12:25 -0800 

Your message dated Sat, 13 Nov 2021 18:09:50 +0000
with message-id <[email protected]>
and subject line Bug#995226: fixed in nltk 3.6.5-1
has caused the Debian Bug report #995226,
regarding nltk is vulnerable to Inefficient Regular Expression Complexity 
(CVE-2021-3828)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
995226: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995226
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: nltk
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for nltk.

CVE-2021-3828[0]:
| nltk is vulnerable to Inefficient Regular Expression Complexity


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3828
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3828

Please adjust the affected versions in the BTS as needed.

Fixed upstream:
https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6
https://github.com/nltk/nltk/pull/2816

Current vulnerable version in unstable:
https://sources.debian.org/src/nltk/3.5-1/nltk/corpus/reader/comparative_sents.py/#L48

-- 
Neil Williams
=============
https://linux.codehelp.co.uk/

Attachment: pgpR3o3O9oPUT.pgp
Description: OpenPGP digital signature


--- End Message ---
--- Begin Message --- 
Source: nltk
Source-Version: 3.6.5-1
Done: Mo Zhou <[email protected]>

We believe that the bug you reported is fixed in the latest version of
nltk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mo Zhou <[email protected]> (supplier of updated nltk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 13 Nov 2021 09:55:11 -0500
Source: nltk
Architecture: source
Version: 3.6.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers 
<[email protected]>
Changed-By: Mo Zhou <[email protected]>
Closes: 995226
Changes:
 nltk (3.6.5-1) unstable; urgency=medium
 .
   * New upstream version 3.6.5 (Closes: #995226)
     (This release fixes CVE-2021-3828)
   * Update dependency on python3 according to lintian.
Checksums-Sha1:
 90232e4d675d0ed35aaf8cea6b3c7cffc68f26fc 1954 nltk_3.6.5-1.dsc
 e0b828d3c147631117baf6022b7860c6fd127dee 2830237 nltk_3.6.5.orig.tar.gz
 d730ad68e3e24fff15fe6b7a152863485ec560f2 8524 nltk_3.6.5-1.debian.tar.xz
 fedb7f946cbe0a0ea12d2f8d36acc9ea75f264f2 6135 nltk_3.6.5-1_source.buildinfo
Checksums-Sha256:
 502d2931e28084c867c1117fe20cf63dd6416fd8b4064c5b6fdaa6bbb2d750cd 1954 
nltk_3.6.5-1.dsc
 fb7d2e92e0233e1bb72bc8428f288f77effb804514d0a93928e5abab44a66622 2830237 
nltk_3.6.5.orig.tar.gz
 995690fe333e06527bfbcd33a07bf5dd95b0174606bebc571cbd00a2b05a870c 8524 
nltk_3.6.5-1.debian.tar.xz
 37748d0ffe4cc4b7a5ccb8eb5e3bdcb1abfb7b700b32619027aa946d483ef249 6135 
nltk_3.6.5-1_source.buildinfo
Files:
 6de66c71958cd1aae1ebc7ef82ad59c3 1954 science optional nltk_3.6.5-1.dsc
 2ac9dc13ed3b6d5116ff82e3dee356bf 2830237 science optional 
nltk_3.6.5.orig.tar.gz
 ac44a7912d8d1e499adb0cfeafce22f0 8524 science optional 
nltk_3.6.5-1.debian.tar.xz
 fd1aed11b17cad79a64148e6f9216a0e 6135 science optional 
nltk_3.6.5-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEY4vHXsHlxYkGfjXeYmRes19oaooFAmGP9VYRHGx1bWluQGRl
Ymlhbi5vcmcACgkQYmRes19oaopZ9A/8DXucjMpDHeNo3sz0Ujw+OI/w2wts0laO
bcY1JHZ0UFtdDq6fnkswsXABRWm7/SgytVpoTBuVJ6u7zEZGYnsTACFYM1QvhdWt
CGyBRDNJjZLJWslhRO/qO98VF7OjMr1jSCsU+1SWGv5Dp6yvaTHMNk0J7pQMfuAv
zbScV5nwWGsFt9S4qihkzpc1wKqWfYDqvIRthRNVCvpZLkCH4vPcsj2SgVtYLL5G
Ptxdh8z6h8RAgp76UPfbtvONn08RgG+ZLFpnk6Tg2GAIfIa+OBVpYkKfOiuvicKe
ImpQgnKxxlWG/V28VPrSH7WJntd+TTsWWgw9H8VI62YoyGrnInYPPWrnHY7TjI8E
+TAZtxiTGCTtBpA1UjfsnT1POmly4CX8Xc8wMJymjMnb/bUuh6AqYzkVD7qK7jI1
BIw1kjHfpnEK6PGcsJGxPs/0TjS+EubPTGbUO4j849PYMIgMLmyJlZB6rgLcbwRt
EYhntNncAHFrOpPEraRfOdJwksHc7WY/YqPCU7SCoIZVsCcASclX6140/OfWQhbS
u+uPNC6ks8oY9aKDKcFoYo0+p5Cm7qasUt3ua/+Xv+/M6aC+gemeXBB20ri4zOJu
mwIUg29RwH9nloOhTAGEsEGjEVNkIFzRrSGjjRGPzTVWwmfESq8d9eDBejmj/CPC
n/M8GXmY/2I=
=KVN+
-----END PGP SIGNATURE-----

--- End Message ---
-- 
debian-science-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers

Reply via email to