Security update for python
This update for python fixes the following issues:
Security issues fixed:
- CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen().
Now an InvalidURL exception is raised (bsc#1155094).
- CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Matej Cepl (mcepl)
Fixed bugs
bnc#1162825
VUL-1: CVE-2019-9674: python,python36,python3,python27: Lib/zipfile.py allows remote attackers to cause a denial of service via a ZIP bomb
bnc#1155094
VUL-0: CVE-2019-18348: python,python36,python3,python27: CRLF injection via the host part of the url passed to urlopen()
