Your message dated Wed, 02 Oct 2024 06:21:44 +0000
with message-id <[email protected]>
and subject line Bug#1074423: fixed in nltk 3.9.1-1
has caused the Debian Bug report #1074423,
regarding nltk: CVE-2024-39705
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1074423: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074423
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nltk
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for nltk.
CVE-2024-39705[0]:
| NLTK through 3.8.1 allows remote code execution if untrusted
| packages have pickled Python code, and the integrated data package
| download functionality is used. This affects, for example,
| averaged_perceptron_tagger and punkt.
https://github.com/nltk/nltk/issues/3266
https://github.com/nltk/nltk/issues/2522
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-39705
https://www.cve.org/CVERecord?id=CVE-2024-39705
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: nltk
Source-Version: 3.9.1-1
Done: Mo Zhou <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nltk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mo Zhou <[email protected]> (supplier of updated nltk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 02 Oct 2024 02:03:25 -0400
Source: nltk
Architecture: source
Version: 3.9.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers <[email protected]>
Changed-By: Mo Zhou <[email protected]>
Closes: 1074423
Changes:
nltk (3.9.1-1) unstable; urgency=medium
.
* New upstream version 3.9.1 (Closes: #1074423)
(Fixes CVE-2024-39705)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
debian-science-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers