On Sat, Jun 12, 2021 at 03:15:10PM -0000, sgubuntuuser wrote:
> We have run apt upgrade in our Ubuntu 18.04 systems and systems are up
> to date now. However, the vulnerability tools still show up that
> vulnerability is existing. Also when checking the Python3 version in
> systems it shows 3.6.9. As per the following page, the fixed version
> must be 3.6.9-1. Can anyone help on this? Thank you
>
> https://ubuntu.com/security/CVE-2021-3177

Hello, I'm unable to reproduce what your tool is reporting:

root@u18:~# dpkg -l python3.6
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                  Version                 Architecture
+++-=====================================-=======================-============
ii  python3.6                             3.6.9-1~18.04ubuntu1.4  amd64
root@u18:~# python3
Python 3.6.9 (default, Jan 26 2021, 15:33:00)
[GCC 8.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from ctypes import *
>>> c_double.from_param(1e300)
<cparam 'd' (1e+300)>
>>>

How is your tool determining that this isn't fixed?

Thanks

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1916480

Title:
  CVE-2021-3177: buffer overflow when parsing floats
