File _patchinfo of Package patchinfo.16064
<patchinfo incident="16064">
<issue tracker="bnc" id="921588">VUL-0: python-PyYAML: assert failure when processing wrapped strings</issue>
<issue tracker="bnc" id="1002895">update google-cloud-sdk</issue>
<issue tracker="bnc" id="1073879">Provide python3 subpackages for existing packages</issue>
<issue tracker="bnc" id="1082318">Packages must not mark license files as %doc</issue>
<issue tracker="bnc" id="1099308">VUL-0: CVE-2017-18342: python-PyYAML: yaml.load() unsafe due to deserialization attack</issue>
<issue tracker="bnc" id="1122668">[TRACKERBUG] FATE#326950 - Include cfn linter in the SLE 12 Public Cloud Module</issue>
<issue tracker="bnc" id="1165439">VUL-0: CVE-2020-1747: python-PyYAML: PyYAML: arbitrary command execution through python/object/new when FullLoader is used</issue>
<issue tracker="cve" id="2014-9130"/>
<issue tracker="cve" id="2017-18342"/>
<issue tracker="cve" id="2020-1747"/>
<issue tracker="fate" id="324435"/>
<issue tracker="fate" id="326950"/>
<packager>glaubitz</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for python3-PyYAML</summary>
<description>This update for python3-PyYAML fixes the following issues:
python3-PyYAML was updated to version 5.1.2 (fate#326950, bsc#1122668, jsc#PM-1447).
The following security issues were fixed:
- CVE-2020-1747: arbitrary code execution via python/object/* constructors (bsc#1165439).
- CVE-2017-18342: arbitrary code execution in yaml.load() API (bsc#1099308).
- CVE-2014-9130: assertion failure when processing wrapped strings (bsc#921588).
The following non-security issues were fixed:
- Build python3 subpackage (FATE#324435, bsc#1073879).
- Build against libyaml to get the faster module.
</description>
</patchinfo>