=== ChanServ changed the topic of #ubuntu-security to: Twitter: @ubuntu_sec || https://usn.ubuntu.com || https://wiki.ubuntu.com/SecurityTeam || https://wiki.ubuntu.com/Security/Features || Community: mdeslaur
[18:24] <tomreyn> hi
[18:25] <tomreyn> according to chat of user 'mythos' in #ubuntu, focal's python has lost a patch for CVE-2021-29921 as a result of the bug 1928057 SRU
[18:25] <ubottu> Bug 1928057 in python3.8 (Ubuntu Groovy) "SRU: backport Python 3.8.10 to 20.04 LTS and 20.10" [Low, Fix Released] https://launchpad.net/bugs/1928057
[18:25] <ubottu> In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921>
[18:30] <mdeslaur> ah ffs
[18:30] <mdeslaur> thanks tomreyn 
[18:31] <tomreyn> you're welcome. can this be automatically detected somehow?
[18:32] <tomreyn> i'm wondering whether automated tests could be generated and run against new package versions
[18:34] <mdeslaur> that would be nice