Comment 7 for bug 1916480

Seth Arnold (seth-arnold) wrote : Re: [Bug 1916480] Re: CVE-2021-3177: buffer overflow when parsing floats

On Sat, Jun 12, 2021 at 03:15:10PM -0000, sgubuntuuser wrote:
> We have run apt upgrade on our Ubuntu 18.04 systems and the systems are
> up to date now. However, the vulnerability tools still show that the
> vulnerability exists. Also, when checking the Python3 version on the
> systems it shows 3.6.9. As per the following page, the fixed version
> must be 3.6.9-1. Can anyone help with this? Thank you
>
> https://ubuntu.com/security/CVE-2021-3177

Hello, I'm unable to reproduce what your tool is reporting:

root@u18:~# dpkg -l python3.6
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture
+++-=====================================-=======================-============
ii python3.6 3.6.9-1~18.04ubuntu1.4 amd64
root@u18:~# python3
Python 3.6.9 (default, Jan 26 2021, 15:33:00)
[GCC 8.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from ctypes import *
>>> c_double.from_param(1e300)
<cparam 'd' (1e+300)>
>>>

How is your tool determining that this isn't fixed?

Thanks
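
The behavioural check from the session above, wrapped so it can be run against any interpreter path without risking the calling process. This is an added example, not part of the original message; the function names and verdict strings ("fixed", "crashed", "inconclusive") are assumptions made for illustration.

```python
import subprocess
import sys

# Same expression as in the session above. repr() is called explicitly
# because the interactive prompt only calls it implicitly when echoing.
PROBE = "from ctypes import c_double; print(repr(c_double.from_param(1e300)))"
# Output shown in the session above on the patched 18.04 package.
EXPECTED = "<cparam 'd' (1e+300)>"


def classify(returncode, stdout):
    """Map a child interpreter's exit status and output to a verdict."""
    if returncode < 0:
        # subprocess reports death by signal (SIGABRT, SIGSEGV, ...) as a
        # negative return code; that is how a memory-safety abort shows up.
        return "crashed"
    if returncode == 0 and stdout.strip() == EXPECTED:
        return "fixed"
    # Missing ctypes, a different repr, a non-zero exit: do not guess.
    return "inconclusive"


def probe(interpreter=sys.executable, timeout=10):
    """Run the probe in a separate process so a crash cannot kill the caller."""
    try:
        proc = subprocess.run(
            [interpreter, "-c", PROBE],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            universal_newlines=True,  # spelling that also works on Python 3.6
            timeout=timeout,
        )
    except (OSError, subprocess.TimeoutExpired):
        # Interpreter path does not exist, is not executable, or hung.
        return "inconclusive"
    return classify(proc.returncode, proc.stdout)


if __name__ == "__main__":
    # Usage: python3 probe.py [/path/to/interpreter]
    target = sys.argv[1] if len(sys.argv) > 1 else sys.executable
    print(target, probe(target))
```

The verdict depends on how the interpreter behaves, not on the version string it prints, so it is unaffected by the difference between the upstream version (3.6.9) and the package version reported by dpkg.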