Vulnerability Change Records for CVE-2018-1061

Change History

Initial Analysis 8/10/2018 10:11:21 AM

Action Type Old Value New Value
Added CPE Configuration
OR
     *cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.15
Added CPE Configuration
OR
     *cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.9
Added CPE Configuration
OR
     *cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions up to (excluding) 3.5.6
Added CPE Configuration
OR
     *cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions up to (excluding) 3.7.0
Added CVSS V2
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Added CVSS V3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added CWE
CWE-399
Changed Reference Type
https://bugs.python.org/issue32981 No Types Assigned
https://bugs.python.org/issue32981 Vendor Advisory
Changed Reference Type
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061 No Types Assigned
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061 Issue Tracking
Changed Reference Type
https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final No Types Assigned
https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final Vendor Advisory

CWE Remap 10/02/2019 8:3:26 PM

Action Type Old Value New Value
Changed CWE
CWE-399
CWE-399
NVD-CWE-noinfo

CVE Modified by MITRE 11/14/2018 6:29:03 AM

Action Type Old Value New Value
Added Reference
http://www.securitytracker.com/id/1042001 [No Types Assigned]
Added Reference
https://usn.ubuntu.com/3817-1/ [No Types Assigned]

CVE Modified by MITRE 11/06/2019 8:15:12 AM

Action Type Old Value New Value
Added Reference
https://access.redhat.com/errata/RHSA-2019:3725 [No Types Assigned]

CVE Modified by MITRE 3/29/2019 12:29:02 AM

Action Type Old Value New Value
Added Reference
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/ [No Types Assigned]

CVE Modified by MITRE 1/21/2020 5:15:14 PM

Action Type Old Value New Value
Added Reference
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html [No Types Assigned]

CVE Modified by MITRE 10/09/2019 7:38:01 PM

Action Type Old Value New Value
Added CVSS V3
Red Hat, Inc. AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Added CWE
Red Hat, Inc. CWE-20

Modified Analysis 4/03/2019 7:43:14 AM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
OR
     *cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
     *cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
     *cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Changed Reference Type
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/ No Types Assigned
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/ Mailing List, Third Party Advisory
Changed Reference Type
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/ No Types Assigned
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/ Mailing List, Third Party Advisory
Changed Reference Type
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ Mailing List, Release Notes, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ Mailing List, Third Party Advisory

CVE Modified by MITRE 10/31/2018 6:30:45 AM

Action Type Old Value New Value
Added Reference
https://access.redhat.com/errata/RHSA-2018:3041 [No Types Assigned]

CVE Modified by MITRE 5/22/2019 11:29:01 AM

Action Type Old Value New Value
Added Reference
https://access.redhat.com/errata/RHSA-2019:1260 [No Types Assigned]

CVE Modified by MITRE 3/29/2019 10:29:01 PM

Action Type Old Value New Value
Added Reference
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/ [No Types Assigned]

Modified Analysis 3/27/2019 10:48:09 PM

Action Type Old Value New Value
Added CPE Configuration
OR
     *cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Added CPE Configuration
OR
     *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Added CPE Configuration
OR
     *cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Changed Reference Type
http://www.securitytracker.com/id/1042001 No Types Assigned
http://www.securitytracker.com/id/1042001 Third Party Advisory, VDB Entry
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:3041 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:3041 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:3505 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:3505 Third Party Advisory
Changed Reference Type
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ No Types Assigned
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ Mailing List, Release Notes, Third Party Advisory
Changed Reference Type
https://usn.ubuntu.com/3817-1/ No Types Assigned
https://usn.ubuntu.com/3817-1/ Third Party Advisory
Changed Reference Type
https://usn.ubuntu.com/3817-2/ No Types Assigned
https://usn.ubuntu.com/3817-2/ Third Party Advisory

CVE Modified by MITRE 11/07/2018 6:29:09 AM

Action Type Old Value New Value
Added Reference
https://access.redhat.com/errata/RHSA-2018:3505 [No Types Assigned]

CVE Modified by MITRE 4/24/2019 2:29:09 AM

Action Type Old Value New Value
Added Reference
https://access.redhat.com/errata/RHBA-2019:0327 [No Types Assigned]

CVE Modified by MITRE 11/16/2018 6:29:00 AM

Action Type Old Value New Value
Added Reference
https://usn.ubuntu.com/3817-2/ [No Types Assigned]

CVE Modified by MITRE 9/26/2018 6:29:13 AM

Action Type Old Value New Value
Added Reference
https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html [No Types Assigned]
Added Reference
https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html [No Types Assigned]

Modified Analysis 4/25/2019 11:20:01 AM

Action Type Old Value New Value
Changed Reference Type
https://access.redhat.com/errata/RHBA-2019:0327 No Types Assigned
https://access.redhat.com/errata/RHBA-2019:0327 Third Party Advisory

CVE Modified by MITRE 9/28/2018 6:29:02 AM

Action Type Old Value New Value
Added Reference
https://www.debian.org/security/2018/dsa-4306 [No Types Assigned]

CVE Modified by MITRE 3/27/2019 1:29:01 PM

Action Type Old Value New Value
Added Reference
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ [No Types Assigned]

CVE Modified by MITRE 8/17/2018 4:29:16 PM

Action Type Old Value New Value
Changed Description
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.  An attacker could use this flaw to cause denial of service.
Added Reference
https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1 [No Types Assigned]
Added Reference
https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1 [No Types Assigned]
Removed Reference
https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final [Vendor Advisory]

CVE Modified by MITRE 8/21/2019 7:15:11 PM

Action Type Old Value New Value
Added Reference
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us [No Types Assigned]

CVE Modified by MITRE 9/29/2018 6:29:01 AM

Action Type Old Value New Value
Added Reference
https://www.debian.org/security/2018/dsa-4307 [No Types Assigned]