CVE-2024-3651
Published: 23 April 2024
[potential DoS via resource consumption via specially crafted inputs to idna.encode()]
Notes
| Author | Note |
|---|---|
| mdeslaur | On focal and earlier, the python-pip package bundles python-idna binaries when built. After updating python-idna, a no-change rebuild of python-pip is required. On jammy and later, python-idna is bundled in the python-pip package and needs to be patched. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
python-idna Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| mantic |
Needs triage
|
|
| noble |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
Patches: upstream: https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7 |
||
|
python-pip Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| mantic |
Needs triage
|
|
| noble |
Needs triage
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|