openSUSE Security Update: Security update for python-nltk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0436-1 Rating: moderate References: #1146427 Cross-References: CVE-2019-14751 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-nltk fixes the following issues: Update to 3.4.5 (boo#1146427, CVE-2019-14751): * CVE-2019-14751: Fixed Zip slip vulnerability in downloader for the unlikely situation where a user configures their downloader to use a compromised server (boo#1146427) Update to 3.4.4: * fix bug in plot function (probability.py) * add improved PanLex Swadesh corpus reader * add Text.generate() * add QuadgramAssocMeasures * add SSP to tokenizers * return confidence of best tag from AveragedPerceptron * make plot methods return Axes objects * don't require list arguments to PositiveNaiveBayesClassifier.train * fix Tree classes to work with native Python copy library * fix inconsistency for NomBank * fix random seeding in LanguageModel.generate * fix ConditionalFreqDist mutation on tabulate/plot call * fix broken links in documentation * fix misc Wordnet issues * update installation instructions Version update to 3.4.1: * add chomsky_normal_form for CFGs * add meteor score * add minimum edit/Levenshtein distance based alignment function * allow access to collocation list via text.collocation_list() * support corenlp server options * drop support for Python 3.4 * other minor fixes Update to v3.4: * Support Python 3.7 * New Language Modeling package * Cistem Stemmer for German * Support Russian National Corpus incl POS tag model * Krippendorf Alpha inter-rater reliability test * Comprehensive code clean-ups * Switch continuous integration from Jenkins to Travis Updated to v3.3: * Support Python 3.6 * New interface to CoreNLP * Support synset retrieval by sense key * Minor fixes to CoNLL Corpus Reader * AlignedSent * Fixed minor inconsistencies in APIs and API documentation * Better conformance to PEP8 * Drop Moses Tokenizer (incompatible license) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-436=1 Package List: - openSUSE Leap 15.1 (noarch): python2-nltk-3.4.5-lp151.4.3.1 python3-nltk-3.4.5-lp151.4.3.1 References: https://www.suse.com/security/cve/CVE-2019-14751.html https://bugzilla.suse.com/1146427 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org