CVE-2018-14647
published 2018-09-25CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks…
PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
10.91%
95.3th percentile
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | python2.7 | < python2.7 2.7.15-5 (bullseye) | python2.7 2.7.15-5 (bullseye) |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| python | python | — | — |
| python | python | 2.7.0 – 2.7.15 | — |
| python | python | 3.4.0 – 3.4.9 | — |
| python | python | 3.5.0 – 3.5.6 | — |
| python | python | 3.6.0 – 3.6.6 | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| the_python_project | python | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.6HIGH
vendor_ubuntu7.6HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12 vulnerabilities
osv·2024-07-11·CVSS 7.6
CVE-2015-20107 [HIGH] python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12 vulnerabilities
python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12 vulnerabilities
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS.
(CVE-2015-20107)
It was discovered that Python incorrectly used regular expressions
vulnerable to catastrophic backtracking. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 14.04 LTS. (CVE-2018-1060, CVE-2018-1061)
It was discovered that Python failed to initialize Expat’s hash salt. A
remote attacker could possibly use this issue to cause hash collisions,
leading to a denial of service. This issue only affected Ubuntu 14.04 L
GHSA
GHSA-gvw2-fvqg-v8mm: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization
ghsa_unreviewed·2022-05-13
CVE-2018-14647 [HIGH] CWE-909 GHSA-gvw2-fvqg-v8mm: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
OSV
python2.7, python3.4, python3.5 vulnerabilities
osv·2018-11-13·CVSS 3.6
CVE-2018-1000030 [LOW] python2.7, python3.4, python3.5 vulnerabilities
python2.7, python3.4, python3.5 vulnerabilities
It was discovered that Python incorrectly handled large amounts of data. A
remote attacker could use this issue to cause Python to crash, resulting in
a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030)
It was discovered that Python incorrectly handled running external commands
in the shutil module. A remote attacker could use this issue to cause
Python to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-1000802)
It was discovered that Python incorrectly used regular expressions
vulnerable to catastrophic backtracking. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affe
OSV
CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization
osv·2018-09-25·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
Ubuntu
Python vulnerabilities
vendor_ubuntu·2024-07-11·CVSS 7.6
CVE-2021-29921 [HIGH] Python vulnerabilities
Title: Python vulnerabilities
Summary: Several security issues were fixed in Python.
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS.
(CVE-2015-20107)
It was discovered that Python incorrectly used regular expressions
vulnerable to catastrophic backtracking. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 14.04 LTS. (CVE-2018-1060, CVE-2018-1061)
It was discovered that Python failed to initialize Expat’s hash salt. A
remote attacker could possibly use this issue to cause hash collisions,
leading to a denial of service. This issue only affected Ubuntu 14.04 LTS.
(CVE-2018-14647)
Ubuntu
Python vulnerabilities
vendor_ubuntu·2018-11-15·CVSS 3.6
CVE-2018-1000030 [LOW] Python vulnerabilities
Title: Python vulnerabilities
Summary: Several security issues were fixed in Python.
USN-3817-1 fixed a vulnerability in Python. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that Python incorrectly handled large amounts of data. A
remote attacker could use this issue to cause Python to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2018-1000030)
It was discovered that Python incorrectly handled running external commands
in the shutil module. A remote attacker could use this issue to cause
Python to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-1000802)
It was discovered that Python incorrectly used regular expressions
vulnerable to catastroph
Ubuntu
Python vulnerabilities
vendor_ubuntu·2018-11-13·CVSS 3.6
CVE-2018-1000030 [LOW] Python vulnerabilities
Title: Python vulnerabilities
Summary: Several security issues were fixed in Python.
It was discovered that Python incorrectly handled large amounts of data. A
remote attacker could use this issue to cause Python to crash, resulting in
a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030)
It was discovered that Python incorrectly handled running external commands
in the shutil module. A remote attacker could use this issue to cause
Python to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-1000802)
It was discovered that Python incorrectly used regular expressions
vulnerable to catastrophic backtracking. A remote attacker could possibly
use this issue to cause a d
Red Hat
python: Missing salt initialization in _elementtree.c module
vendor_redhat·2018-09-22·CVSS 7.5
CVE-2018-14647 [HIGH] CWE-909 python: Missing salt initialization in _elementtree.c module
python: Missing salt initialization in _elementtree.c module
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data str
Debian
CVE-2018-14647: python2.7 - Python's elementtree C accelerator failed to initialise Expat's hash salt during...
vendor_debian·2018·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647: python2.7 - Python's elementtree C accelerator failed to initialise Expat's hash salt during...
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
Scope: local
bullseye: resolved (fixed in 2.7.15-5)
No detection rules found.
No public exploits indexed.
HackerOne
XML hash collision DoS vulnerability in Python's xml.etree module
hackerone·2018-10-31·CVSS 7.5
[HIGH] XML hash collision DoS vulnerability in Python's xml.etree module
XML hash collision DoS vulnerability in Python's xml.etree module
Python's standard library uses libexpat to parse XML. Internally the expat library has a hash table implementation to efficiently store and lookup DTD elements like entities, elements, attributes, etc. Hash tables are potentially vulnerable to hash collision Denial-of-Service attacks, which turns a hash insert or lookup from O(1) best case scenario to O(n) worst case scenario. To mitigate hash collision attacks, expat introduced hash randomization.
Hash randomization depends on a good, unpredictable seed. The expat library either uses the operating systems CSPRNG or expects the application to set a good hash seed with ``XML_SetHashSalt()`` call. Python's standard library decided to go for ``XML_SetHashSalt()``. Due to an o
Bugzilla
CVE-2018-14647 python36: python: Missing salt initialization in _elementtree.c module [fedora-all]
bugzilla·2018-09-25·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python36: python: Missing salt initialization in _elementtree.c module [fedora-all]
CVE-2018-14647 python36: python: Missing salt initialization in _elementtree.c module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2018-14647 python3: python: Missing salt initialization in _elementtree.c module [fedora-all]
bugzilla·2018-09-24·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python3: python: Missing salt initialization in _elementtree.c module [fedora-all]
CVE-2018-14647 python3: python: Missing salt initialization in _elementtree.c module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multipl
Bugzilla
CVE-2018-14647 python34: python: Missing salt initialization in _elementtree.c module [fedora-all]
bugzilla·2018-09-24·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python34: python: Missing salt initialization in _elementtree.c module [fedora-all]
CVE-2018-14647 python34: python: Missing salt initialization in _elementtree.c module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2018-14647 python26: python: Missing salt initialization in _elementtree.c module [fedora-all]
bugzilla·2018-09-24·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python26: python: Missing salt initialization in _elementtree.c module [fedora-all]
CVE-2018-14647 python26: python: Missing salt initialization in _elementtree.c module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2018-14647 python34: python: Missing salt initialization in _elementtree.c module [epel-7]
bugzilla·2018-09-24·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python34: python: Missing salt initialization in _elementtree.c module [epel-7]
CVE-2018-14647 python34: python: Missing salt initialization in _elementtree.c module [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template
Bugzilla
CVE-2018-14647 python2: python: Missing salt initialization in _elementtree.c module [fedora-all]
bugzilla·2018-09-24·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python2: python: Missing salt initialization in _elementtree.c module [fedora-all]
CVE-2018-14647 python2: python: Missing salt initialization in _elementtree.c module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multipl
Bugzilla
CVE-2018-14647 python34: python: Missing salt initialization in _elementtree.c module [epel-6]
bugzilla·2018-09-24·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python34: python: Missing salt initialization in _elementtree.c module [epel-6]
CVE-2018-14647 python34: python: Missing salt initialization in _elementtree.c module [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template
Bugzilla
CVE-2018-14647 python36: python: Missing salt initialization in _elementtree.c module [epel-7]
bugzilla·2018-09-24·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python36: python: Missing salt initialization in _elementtree.c module [epel-7]
CVE-2018-14647 python36: python: Missing salt initialization in _elementtree.c module [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template
Bugzilla
CVE-2018-14647 python33: python: Missing salt initialization in _elementtree.c module [fedora-all]
bugzilla·2018-09-24·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python33: python: Missing salt initialization in _elementtree.c module [fedora-all]
CVE-2018-14647 python33: python: Missing salt initialization in _elementtree.c module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2018-14647 python35: python: Missing salt initialization in _elementtree.c module [fedora-all]
bugzilla·2018-09-24·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python35: python: Missing salt initialization in _elementtree.c module [fedora-all]
CVE-2018-14647 python35: python: Missing salt initialization in _elementtree.c module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2018-14647 python37: python: Missing salt initialization in _elementtree.c module [fedora-all]
bugzilla·2018-09-24·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python37: python: Missing salt initialization in _elementtree.c module [fedora-all]
CVE-2018-14647 python37: python: Missing salt initialization in _elementtree.c module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2018-14647 python: Missing salt initialization in _elementtree.c module
bugzilla·2018-09-21·CVSS 7.5
CVE-2018-14647 [HIGH] CVE-2018-14647 python: Missing salt initialization in _elementtree.c module
CVE-2018-14647 python: Missing salt initialization in _elementtree.c module
A flaw was found in python's _elementtree.c module, a wrapper for libexpat XML parser. xml.etree C accelerator don't call XML_SetHashSalt(), failing to properly initiate the random hash seed from a good CSPRNG source and making hash collision attacks with carefully crafted XML data easier.
Upstream bug:
https://bugs.python.org/issue34623.
Discussion:
Acknowledgments:
Name: the Python Security Response Team
---
Note that expat >=2.2.2 will internally initialize the hash salt with a more securely generated value providing arc4random, getrandom or /dev/urandom is available. The risk is greatest on earlier versions of expat (eg 2.1.0) or where such sources are not available.
---
External References:
https://
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlhttp://www.securityfocus.com/bid/105396http://www.securitytracker.com/id/1041740https://access.redhat.com/errata/RHSA-2019:1260https://access.redhat.com/errata/RHSA-2019:2030https://access.redhat.com/errata/RHSA-2019:3725https://bugs.python.org/issue34623https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2019/06/msg00022.htmlhttps://lists.debian.org/debian-lts-announce/2019/06/msg00023.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/https://usn.ubuntu.com/3817-1/https://usn.ubuntu.com/3817-2/https://www.debian.org/security/2018/dsa-4306https://www.debian.org/security/2018/dsa-4307http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlhttp://www.securityfocus.com/bid/105396http://www.securitytracker.com/id/1041740https://access.redhat.com/errata/RHSA-2019:1260https://access.redhat.com/errata/RHSA-2019:2030https://access.redhat.com/errata/RHSA-2019:3725https://bugs.python.org/issue34623https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2019/06/msg00022.htmlhttps://lists.debian.org/debian-lts-announce/2019/06/msg00023.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/https://usn.ubuntu.com/3817-1/https://usn.ubuntu.com/3817-2/https://www.debian.org/security/2018/dsa-4306https://www.debian.org/security/2018/dsa-4307
2018-09-25
Published