File _patchinfo of Package patchinfo.2771

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.2771

<patchinfo incident="2771">
  <issue id="984751" tracker="bnc">VUL-1: CVE-2016-0772: python,python3: smtplib StartTLS stripping attack</issue>
  <issue id="985177" tracker="bnc">VUL-1: CVE-2016-5636: python3,python: Heap overflow in zipimporter module</issue>
  <issue id="989523" tracker="bnc">VUL-1: CVE-2016-1000110: python,python3: Python CGIHandler: sets environmental variable based on user supplied Proxy request header</issue>
  <issue id="985348" tracker="bnc">VUL-0: CVE-2016-5699: python,python3: http protocol steam injection attack</issue>
  <issue tracker="bnc" id="1122191">VUL-0: CVE-2019-5010: python,python3,python27: NULL pointer dereference using a specially crafted X509 certificate causes DOS</issue>
  <issue id="2016-1000110" tracker="cve" />
  <issue id="2016-0772" tracker="cve" />
  <issue id="2016-5699" tracker="cve" />
  <issue id="2016-5636" tracker="cve" />
  <issue id="2019-5010" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>matejcik</packager>
  <description>This update for python fixes the following issues:

Security issues fixed:

- CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751)
- CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177)
- CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348)
- CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523)
- CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
</description>
  <summary>Security update for python</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.2771

Places