File _patchinfo of Package patchinfo.2770

<patchinfo incident="2770">
  <issue id="984751" tracker="bnc">VUL-1: CVE-2016-0772: python,python3: smtplib StartTLS stripping attack</issue>
  <issue id="985177" tracker="bnc">VUL-1: CVE-2016-5636: python3,python: Heap overflow in zipimporter module</issue>
  <issue id="989523" tracker="bnc">VUL-1: CVE-2016-1000110: python,python3: Python CGIHandler: sets environmental variable based on user supplied Proxy request header</issue>
  <issue id="985348" tracker="bnc">VUL-0: CVE-2016-5699: python,python3: http protocol stream injection attack</issue>
  <issue id="2016-1000110" tracker="cve" />
  <issue id="2016-0772" tracker="cve" />
  <issue id="2016-5699" tracker="cve" />
  <issue id="2016-5636" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>matejcik</packager>
  <description>
This update for python fixes the following issues:

- CVE-2016-0772: smtplib vulnerability allows a StartTLS stripping attack (bsc#984751)
- CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177)
- CVE-2016-5699: incorrect validation of HTTP headers allows header injection (bsc#985348)
- CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523)
</description>
  <summary>Security update for python</summary>
</patchinfo>