File _patchinfo of Package patchinfo.30821

<patchinfo incident="30821">
  <issue tracker="cve" id="2023-24329"/>
  <issue tracker="cve" id="2023-40217"/>
  <issue tracker="cve" id="2023-0286"/>
  <issue tracker="cve" id="2023-2650"/>
  <issue tracker="cve" id="2023-0466"/>
  <issue tracker="cve" id="2007-4559"/>
  <issue tracker="cve" id="2023-0464"/>
  <issue tracker="cve" id="2022-4303"/>
  <issue tracker="cve" id="2023-0465"/>
  <issue tracker="bnc" id="1203750">VUL-0: CVE-2007-4559: python36,python3,python39,python310,python,python27: python tarfile module directory traversal</issue>
  <issue tracker="bnc" id="1214692">VUL-0: CVE-2023-40217: python,python3,python39,python36,python310,python311: Bypass TLS handshake on closed sockets</issue>
  <issue tracker="bnc" id="1208471">VUL-0: CVE-2023-24329: python,python3,python27,python36,python39,python310: blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters</issue>
  <packager>dgarcia</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python39</summary>
  <description>This update for python39 fixes the following issues:

Update to 3.9.18.

- CVE-2007-4559: Fixed python tarfile module directory traversal (bsc#1203750).
- CVE-2023-40217: Fixed TLS handshake on closed sockets bypass (bsc#1214692).
- CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
</description>
</patchinfo>