{"affected":[{"ecosystem_specific":{"binaries":[{"python2-nltk":"3.4.5-lp151.4.3.1","python3-nltk":"3.4.5-lp151.4.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"python-nltk","purl":"pkg:rpm/opensuse/python-nltk&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.5-lp151.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-nltk fixes the following issues:\n\nUpdate to 3.4.5 (boo#1146427, CVE-2019-14751):\n\n* CVE-2019-14751: Fixed Zip slip vulnerability in downloader for the\n  unlikely situation where a user configures their downloader to use\n  a compromised server (boo#1146427)\n\nUpdate to 3.4.4:\n\n* fix bug in plot function (probability.py)\n* add improved PanLex Swadesh corpus reader\n* add Text.generate()\n* add QuadgramAssocMeasures\n* add SSP to tokenizers\n* return confidence of best tag from AveragedPerceptron\n* make plot methods return Axes objects\n* don't require list arguments to PositiveNaiveBayesClassifier.train\n* fix Tree classes to work with native Python copy library\n* fix inconsistency for NomBank\n* fix random seeding in LanguageModel.generate\n* fix ConditionalFreqDist mutation on tabulate/plot call\n* fix broken links in documentation\n* fix misc Wordnet issues\n* update installation instructions\n\nVersion update to 3.4.1:\n\n* add chomsky_normal_form for CFGs\n* add meteor score\n* add minimum edit/Levenshtein distance based alignment function\n* allow access to collocation list via text.collocation_list()\n* support corenlp server options\n* drop support for Python 3.4\n* other minor fixes\n\nUpdate to v3.4:\n\n* Support Python 3.7\n* New Language Modeling package\n* Cistem Stemmer for German\n* Support Russian National Corpus incl POS tag model\n* Krippendorf Alpha inter-rater reliability test\n* Comprehensive code clean-ups\n* Switch continuous integration from Jenkins to Travis\n\nUpdated to v3.3:\n\n* Support Python 3.6\n* New interface to CoreNLP\n* Support synset retrieval by sense key\n* Minor fixes to CoNLL Corpus Reader\n* AlignedSent\n* Fixed minor inconsistencies in APIs and API documentation\n* Better conformance to PEP8\n* Drop Moses Tokenizer (incompatible license)\n","id":"openSUSE-SU-2020:0436-1","modified":"2020-03-31T14:23:34Z","published":"2020-03-31T14:23:34Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JQ6ZSSQHXJZYKCAD25PTWOW4FERVCB35/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146427"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14751"}],"related":["CVE-2019-14751"],"summary":"Security update for python-nltk","upstream":["CVE-2019-14751"]}