openSUSE Security Update: Security update for python-nltk ______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0436-1 Rating: moderate References: #1146427 Cross-References: CVE-2019-14751 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-nltk fixes the following issues:
Update to 3.4.5 (boo#1146427, CVE-2019-14751):
* CVE-2019-14751: Fixed Zip slip vulnerability in downloader for the unlikely situation where a user configures their downloader to use a compromised server (boo#1146427)
Update to 3.4.4:
* fix bug in plot function (probability.py) * add improved PanLex Swadesh corpus reader * add Text.generate() * add QuadgramAssocMeasures * add SSP to tokenizers * return confidence of best tag from AveragedPerceptron * make plot methods return Axes objects * don't require list arguments to PositiveNaiveBayesClassifier.train * fix Tree classes to work with native Python copy library * fix inconsistency for NomBank * fix random seeding in LanguageModel.generate * fix ConditionalFreqDist mutation on tabulate/plot call * fix broken links in documentation * fix misc Wordnet issues * update installation instructions
Version update to 3.4.1:
* add chomsky_normal_form for CFGs * add meteor score * add minimum edit/Levenshtein distance based alignment function * allow access to collocation list via text.collocation_list() * support corenlp server options * drop support for Python 3.4 * other minor fixes
Update to v3.4:
* Support Python 3.7 * New Language Modeling package * Cistem Stemmer for German * Support Russian National Corpus incl POS tag model * Krippendorf Alpha inter-rater reliability test * Comprehensive code clean-ups * Switch continuous integration from Jenkins to Travis
Updated to v3.3:
* Support Python 3.6 * New interface to CoreNLP * Support synset retrieval by sense key * Minor fixes to CoNLL Corpus Reader * AlignedSent * Fixed minor inconsistencies in APIs and API documentation * Better conformance to PEP8 * Drop Moses Tokenizer (incompatible license)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-436=1
Package List:
- openSUSE Leap 15.1 (noarch):
python2-nltk-3.4.5-lp151.4.3.1 python3-nltk-3.4.5-lp151.4.3.1
References:
https://www.suse.com/security/cve/CVE-2019-14751.html https://bugzilla.suse.com/1146427
security-announce@lists.opensuse.org