Overview

File _patchinfo of Package patchinfo.8549

<patchinfo incident="8549">
  <issue id="1109663" tracker="bnc">VUL-0: CVE-2018-1000802: python,python3,python27: Command injection in the shutil module</issue>
  <issue id="2018-1000802" tracker="cve" />
  <issue tracker="bnc" id="1086001">python tarfile uses random order</issue>
  <issue tracker="bnc" id="1088004">VUL-1: CVE-2018-1061: python,python3: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib</issue>
  <issue tracker="bnc" id="1088009">VUL-1: CVE-2018-1060: python,python3: DOS via regular expression catastrophic backtracking in apop() method in pop3lib</issue>
  <issue tracker="cve" id="2018-1060"/>
  <issue tracker="cve" id="2018-1061"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>mcepl</packager>
  <description>This update for python, python-base fixes the following issues:

Security issues fixed:

- CVE-2018-1000802: Prevent command injection in shutil module (make_archive
  function) via passage of unfiltered user input (bsc#1109663).
- CVE-2018-1061: Fixed DoS via regular expression backtracking in
  difflib.IS_LINE_JUNK method in difflib (bsc#1088004).
- CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in
  apop() method in pop3lib (bsc#1088009).

Bug fixes:

- bsc#1086001: python tarfile uses random order.
</description>
  <summary>Security update for python, python-base</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places