File _patchinfo of Package patchinfo.13676

<patchinfo incident="13676">
  <issue tracker="jsc" id="SLE-9427"/>
  <issue tracker="jsc" id="SLE-9426"/>
  <issue tracker="bnc" id="1149121">python3-base fails on tests - test_weakref hangs</issue>
  <issue tracker="bnc" id="1159035">Unify python packages over different distributions</issue>
  <issue tracker="bnc" id="1088004">VUL-1: CVE-2018-1061: python,python3: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib</issue>
  <issue tracker="bnc" id="1083507">VUL-0: CVE-2017-18207: python,python3: The Wave_read._read_fmt_chunk function in Lib/wave.py does not ensure a nonzero channel value, which allows attackers to cause a denial of service</issue>
  <issue tracker="bnc" id="1129346">VUL-0: CVE-2019-9636: python3,python27: python: Information Disclosure due to urlsplit improper NFKC normalization</issue>
  <issue tracker="bnc" id="917607">package summary and description for python3 and python3-base are nearly the same</issue>
  <issue tracker="bnc" id="885882">VUL-0: CVE-2014-4650: python: CGIHTTPServer does not properly handle encoded URL</issue>
  <issue tracker="bnc" id="1159622">python3-idle with its giant dependencies should not be a python3-base subpackage</issue>
  <issue tracker="bnc" id="984751">VUL-1: CVE-2016-0772: python,python3: smtplib StartTLS stripping attack</issue>
  <issue tracker="bnc" id="747125">VUL-1: CVE-2012-0845: python: (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request</issue>
  <issue tracker="bnc" id="1109847">VUL-0: CVE-2018-14647: python,python3,python27: Missing salt initialization in _elementtree.c module</issue>
  <issue tracker="bnc" id="1088573">python3-base: enhancement for buildtime</issue>
  <issue tracker="bnc" id="1088009">VUL-1: CVE-2018-1060: python,python3: DOS via regular expression catastrophic backtracking in apop() method in pop3lib</issue>
  <issue tracker="bnc" id="1040164">Missing link to libpython3.6.so</issue>
  <issue tracker="bnc" id="834601">VUL-0: CVE-2013-4238: python: SSL module does not handle certificates that contain hostnames with NULL bytes</issue>
  <issue tracker="bnc" id="787526">%py3_incdir is pointing to buildroot path</issue>
  <issue tracker="bnc" id="743787">python3 on x64 can't import hashlib.</issue>
  <issue tracker="bnc" id="1151490">Regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL</issue>
  <issue tracker="bnc" id="985177">VUL-1: CVE-2016-5636: python3,python: Heap overflow in zipimporter module</issue>
  <issue tracker="bnc" id="1029377">python3: _elementtree module is broken</issue>
  <issue tracker="bnc" id="1107030">python3 builds without -fwrapv option</issue>
  <issue tracker="bnc" id="989523">VUL-1: CVE-2016-1000110: python,python3: Python CGIHandler: sets environmental variable based on user supplied Proxy request header</issue>
  <issue tracker="bnc" id="751718">VUL-0: python: hash collision DoS</issue>
  <issue tracker="bnc" id="1109663">VUL-0: CVE-2018-1000802: python,python3,python27: Command injection in the shutil module</issue>
  <issue tracker="bnc" id="709442">Remove README.txt from python3-doc</issue>
  <issue tracker="bnc" id="1149955">VUL-0: CVE-2019-16056: python,python3,python36,python27: The email module wrongly parses email addresses</issue>
  <issue tracker="bnc" id="658604">Python distutils setup does not allow user installation of Python packages</issue>
  <issue tracker="bnc" id="1120644">VUL-1: CVE-2018-20406: python3: integer overflow via a large LONG_BINPUT value</issue>
  <issue tracker="bnc" id="885662">python-3.4 ensurepip is broken</issue>
  <issue tracker="bnc" id="983582">Python3 issues with distributed version 3.4.1</issue>
  <issue tracker="bnc" id="1081750">python tarfile uses random order</issue>
  <issue tracker="bnc" id="1141853">VUL-0: CVE-2018-20852: python,python3,python27: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending cookies to the wrong server</issue>
  <issue tracker="bnc" id="942751">python3 test / missing __main__ module</issue>
  <issue tracker="bnc" id="871152">VUL-0: CVE-2014-2667: python3: race in mkdir()</issue>
  <issue tracker="bnc" id="637176">Python doesn't have the PEP 370 compatible lib64 path</issue>
  <issue tracker="bnc" id="1027282">Update python to 2.7.13 and python3 to 3.4.6</issue>
  <issue tracker="bnc" id="809831">virtualenv / easy_install broken for python 3</issue>
  <issue tracker="bnc" id="1133452">python3: broken debuginfo packages on SLE15</issue>
  <issue tracker="bnc" id="1042670">Python and python3 fail to build with openssl-1.1</issue>
  <issue tracker="bnc" id="1029902">Fatal Python error: failed to get random numbers to initialize Python3</issue>
  <issue tracker="bnc" id="985348">VUL-0: CVE-2016-5699: python,python3: http protocol stream injection attack</issue>
  <issue tracker="bnc" id="1086001">python tarfile uses random order</issue>
  <issue tracker="bnc" id="831629">python3-base test test_faulthandler fails on ppc64</issue>
  <issue tracker="bnc" id="1079761">[glibc2.27] python3-base fails to build</issue>
  <issue tracker="bnc" id="1138459">VUL-0: CVE-2019-10160: python,python3,python27: python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc</issue>
  <issue tracker="bnc" id="1137942">python3-base conflicts with python36-base</issue>
  <issue tracker="bnc" id="1153238">VUL-0: CVE-2019-16935: python,python3,python36,python27: XSS vulnerability in the documentation XML-RPC server in server_title field</issue>
  <issue tracker="bnc" id="673071">pyconfig has defines that break building of packages.</issue>
  <issue tracker="bnc" id="754677">VUL-1: python: Adaptive chosen plaintext attack against SSL</issue>
  <issue tracker="bnc" id="1094814">[Build 652.1] openQA test fails in ha_cluster_join</issue>
  <issue tracker="bnc" id="1122191">VUL-0: CVE-2019-5010: python,python3,python27: NULL pointer dereference using a specially crafted X509 certificate causes DOS</issue>
  <issue tracker="bnc" id="1070853">python3 : 2to3  causes python-ipaddr buildfailure</issue>
  <issue tracker="bnc" id="1130840">VUL-1: CVE-2019-9947: python,python3,python27: CRLF injection is possible if the attacker controls a url parameter</issue>
  <issue tracker="bnc" id="951166">python3 upstream issue #21121</issue>
  <issue tracker="bnc" id="754447">VUL-1: python: distutils creates ~/.pypirc insecurely</issue>
  <issue tracker="bnc" id="1149792">openssl 1.1.1c causes build failures in other packages</issue>
  <issue tracker="cve" id="2011-4944"/>
  <issue tracker="cve" id="2014-4650"/>
  <issue tracker="cve" id="2018-1000802"/>
  <issue tracker="cve" id="2014-2667"/>
  <issue tracker="cve" id="2019-16935"/>
  <issue tracker="cve" id="2018-1061"/>
  <issue tracker="cve" id="2017-18207"/>
  <issue tracker="cve" id="2019-10160"/>
  <issue tracker="cve" id="2016-0772"/>
  <issue tracker="cve" id="2016-5699"/>
  <issue tracker="cve" id="2019-5010"/>
  <issue tracker="cve" id="2019-16056"/>
  <issue tracker="cve" id="2011-3389"/>
  <issue tracker="cve" id="2012-1150"/>
  <issue tracker="cve" id="2019-9947"/>
  <issue tracker="cve" id="2012-0845"/>
  <issue tracker="cve" id="2018-20852"/>
  <issue tracker="cve" id="2018-14647"/>
  <issue tracker="cve" id="2019-15903"/>
  <issue tracker="cve" id="2019-9636"/>
  <issue tracker="cve" id="2016-1000110"/>
  <issue tracker="cve" id="2013-4238"/>
  <issue tracker="cve" id="2018-20406"/>
  <issue tracker="cve" id="2013-1752"/>
  <issue tracker="cve" id="2016-5636"/>
  <issue tracker="cve" id="2018-1060"/>
  <packager>mcepl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python3</summary>
  <!-- Human-readable advisory text for this update.
       NOTE(review): the text below names three CVEs, while this file lists
       26 issue elements with tracker="cve"; anyone triaging exposure should
       read the issue list, not only this text, for CVE coverage.
       NOTE(review): bsc#1149429, cited below for CVE-2019-15903, has no
       matching tracker="bnc" issue element in this file. Confirm whether
       that reference should be added to the issue list. -->
  <description>This update for python3 to version 3.6.10 fixes the following issues:

- CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
- CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).
- CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).
</description>
</patchinfo>