CVE-2024-39705

Publication date 27 June 2024

Last updated 24 July 2024

Ubuntu priority

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
nltk	24.10 oracular	Ignored changes too intrusive
	24.04 LTS noble	Ignored changes too intrusive
	23.10 mantic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Ignored changes too intrusive
	20.04 LTS focal	Ignored changes too intrusive
	18.04 LTS bionic	Ignored changes too intrusive
	16.04 LTS xenial	Ignored changes too intrusive
	14.04 LTS trusty	Ignored changes too intrusive

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2024-39705
https://github.com/nltk/nltk/issues/3266
https://github.com/nltk/nltk/issues/2522