Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-17514
HistoryOct 12, 2019 - 12:00 a.m.

CVE-2019-17514

2019-10-1200:00:00
ubuntu.com
ubuntu.com
17

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.003

Percentile

71.0%

library/glob.html in the Python 2 and 3 documentation before 2016 has
potentially misleading information about whether sorting occurs, as
demonstrated by irreproducible cancer-research results. NOTE: the effects
of this documentation cross application domains, and thus it is likely that
security-relevant code elsewhere is affected. This issue is not a Python
implementation bug, and there are no reports that NMR researchers were
specifically relying on library/glob.html. In other words, because the
older documentation stated “finds all the pathnames matching a specified
pattern according to the rules used by the Unix shell,” one might have
incorrectly inferred that the sorting that occurs in a Unix shell also
occurred for glob.glob. There is a workaround in newer versions of
Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which
call sort() directly.

Bugs

Notes

Author Note
mdeslaur this is a documentation change only, we will not be fixing this issue in Ubuntu 20.10.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchpython2.7< 2.7.17-1~18.04ubuntu1.1UNKNOWN
ubuntu20.04noarchpython2.7< 2.7.18-1~20.04.1UNKNOWN
ubuntu22.04noarchpython2.7< anyUNKNOWN
ubuntu14.04noarchpython2.7< 2.7.6-8ubuntu0.6+esm6UNKNOWN
ubuntu16.04noarchpython2.7< 2.7.12-1ubuntu0~16.04.12UNKNOWN
ubuntu14.04noarchpython3.4< 3.4.3-1ubuntu1~14.04.7+esm7UNKNOWN
ubuntu14.04noarchpython3.5< 3.5.2-2ubuntu0~16.04.4~14.04.1+esm1UNKNOWN
ubuntu16.04noarchpython3.5< 3.5.2-2ubuntu0~16.04.11UNKNOWN
ubuntu18.04noarchpython3.6< 3.6.9-1~18.04ubuntu1.1UNKNOWN
ubuntu18.04noarchpython3.7< 3.7.5-2ubuntu1~18.04.2+esm3UNKNOWN
Rows per page:
1-10 of 121

References

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.003

Percentile

71.0%