Errata overview
Errata ID 259
Date 2018-10-04
Source package python3.5
Fixed in version 3.5.3-1+deb9u1
Description 
This update addresses the following issues:
* Integer overflow in PyString_DecodeEscape results in heap-base buffer
  overflow (CVE-2017-1000158)
* DOS via regular expression catastrophic backtracking in apop() method in
  pop3lib (CVE-2018-1060)
* DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in
  difflib (CVE-2018-1061)
* Missing salt initialization in _elementtree.c module (CVE-2018-14647)
Additional notes
CVE ID CVE-2017-1000158
CVE-2018-1060
CVE-2018-1061
CVE-2018-14647
UCS Bug number #47891