Overview

File _patchinfo of Package patchinfo.30895

<patchinfo incident="30895">
  <issue tracker="bnc" id="1214691">VUL-0: CVE-2022-48566: python-base,python36,python3,python: Use CRYPTO_memcmp() for compare_digest</issue>
  <issue tracker="bnc" id="1214685">VUL-0: CVE-2022-48565: python3,python,python3: Avoid plistlib XML vulnerabilities by rejecting entity directives</issue>
  <issue tracker="cve" id="2022-48566"/>
  <issue tracker="cve" id="2022-48565"/>
  <packager>mcepl</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python</summary>
  <description>This update for python fixes the following issues:

- CVE-2022-48566: Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. (bsc#1214691)
- CVE-2022-48565: Fixed an XXE in the plistlib module. (bsc#1214685)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places