[security-announce] openSUSE-SU-2020:0436-1: moderate: Security update for python-nltk - openSUSE Security Announce

31 Mar 2020


      openSUSE Security Update: Security update for python-nltk
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2020:0436-1
Rating:             moderate
References:         #1146427 
Cross-References:   CVE-2019-14751
Affected Products:
                    openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-nltk fixes the following issues:
Update to 3.4.5 (boo#1146427, CVE-2019-14751):
* CVE-2019-14751: Fixed Zip slip vulnerability in downloader for the
     unlikely situation where a user configures their downloader to use a
     compromised server (boo#1146427)
Update to 3.4.4:
* fix bug in plot function (probability.py)
   * add improved PanLex Swadesh corpus reader
   * add Text.generate()
   * add QuadgramAssocMeasures
   * add SSP to tokenizers
   * return confidence of best tag from AveragedPerceptron
   * make plot methods return Axes objects
   * don't require list arguments to PositiveNaiveBayesClassifier.train
   * fix Tree classes to work with native Python copy library
   * fix inconsistency for NomBank
   * fix random seeding in LanguageModel.generate
   * fix ConditionalFreqDist mutation on tabulate/plot call
   * fix broken links in documentation
   * fix misc Wordnet issues
   * update installation instructions
Version update to 3.4.1:
* add chomsky_normal_form for CFGs
   * add meteor score
   * add minimum edit/Levenshtein distance based alignment function
   * allow access to collocation list via text.collocation_list()
   * support corenlp server options
   * drop support for Python 3.4
   * other minor fixes
Update to v3.4:
* Support Python 3.7
   * New Language Modeling package
   * Cistem Stemmer for German
   * Support Russian National Corpus incl POS tag model
   * Krippendorf Alpha inter-rater reliability test
   * Comprehensive code clean-ups
   * Switch continuous integration from Jenkins to Travis
Updated to v3.3:
* Support Python 3.6
   * New interface to CoreNLP
   * Support synset retrieval by sense key
   * Minor fixes to CoNLL Corpus Reader
   * AlignedSent
   * Fixed minor inconsistencies in APIs and API documentation
   * Better conformance to PEP8
   * Drop Moses Tokenizer (incompatible license)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-436=1
Package List:
- openSUSE Leap 15.1 (noarch):
python2-nltk-3.4.5-lp151.4.3.1
      python3-nltk-3.4.5-lp151.4.3.1
References:
https://www.suse.com/security/cve/CVE-2019-14751.html
   https://bugzilla.suse.com/1146427
-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org