File _patchinfo of Package patchinfo.15577

<patchinfo incident="15577">
  <issue tracker="bnc" id="1088009">VUL-1: CVE-2018-1060: python,python3: DOS via regular expression catastrophic backtracking in apop() method in pop3lib</issue>
  <issue tracker="bnc" id="1130840">VUL-1: CVE-2019-9947: python,python3,python27: CRLF injection is possible if the attacker controls a url parameter</issue>
  <issue tracker="bnc" id="1174091">VUL-1: CVE-2019-20907: python,python36,python3,python27: in Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation</issue>
  <issue tracker="bnc" id="1088004">VUL-1: CVE-2018-1061: python,python3: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib</issue>
  <issue tracker="bnc" id="1162423">python3 apply patch for PEP-538</issue>
  <issue tracker="bnc" id="1141853">VUL-0: CVE-2018-20852: python,python3,python27: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending cookies to the wrong server</issue>
  <issue tracker="bnc" id="1173274">VUL-0: CVE-2020-14422: python,python36,python3: Lib/ipaddress.py improperly computes hash values in the IPv4Interface and IPv6Interface classes</issue>
  <issue tracker="bnc" id="1153238">VUL-0: CVE-2019-16935: python,python3,python36,python27: XSS vulnerability in the documentation XML-RPC server in server_title field</issue>
  <issue tracker="bnc" id="1174701"></issue>
  <issue tracker="bnc" id="1149955">VUL-0: CVE-2019-16056: python,python3,python36,python27: The email module wrongly parses email addresses</issue>
  <issue tracker="cve" id="2020-14422"/>
  <issue tracker="cve" id="2018-14647"/>
  <issue tracker="cve" id="2019-16935"/>
  <issue tracker="cve" id="2019-20907"/>
  <issue tracker="cve" id="2019-16056"/>
  <issue tracker="cve" id="2019-9947"/>
  <issue tracker="cve" id="2018-20852"/>
  <packager>mcepl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python3</summary>
  <description>This update for python3 fixes the following issues:

- CVE-2019-20907: Fixed a denial of service by avoiding a possible infinite loop in a specially crafted tarball (bsc#1174091).
- CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface classes
  that could have led to denial of service (bsc#1173274).
- CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).
- CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).
- If the locale is "C", coerce it to C.UTF-8 (bsc#1162423).
</description>
</patchinfo>