File _patchinfo of Package patchinfo.21887
<patchinfo incident="21887">
<issue tracker="bnc" id="1183374">VUL-0: CVE-2021-3426: python36,python3,python38,python39: information disclosure via pydoc</issue>
<issue tracker="bnc" id="1189241">VUL-0: CVE-2021-3737: python3,python36,python38,python39,python27,python: infinitely reading potential HTTP headers after a 100 Continue status response from the server</issue>
<issue tracker="bnc" id="1189287">VUL-0: CVE-2021-3733: python,python-base,python-doc,python27,python27-base,python27-doc,python3,python3-base,python36,python39: ReDoS in urllib.request</issue>
<issue tracker="bnc" id="1180125">python update has new dependency ref:_00D1igLOd._5001iX9uE1:ref</issue>
<issue tracker="bnc" id="1183858">python36-core is requiring python38-core</issue>
<issue tracker="bnc" id="1185588">python39 provides python</issue>
<issue tracker="bnc" id="1187668">python-base traceback due to mismatch ref:_00D1igLOd._5001if0d8v:ref</issue>
<issue tracker="cve" id="2021-3426"/>
<issue tracker="cve" id="2021-3733"/>
<issue tracker="cve" id="2021-3737"/>
<packager>mcepl</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for python3</summary>
<description>This update for python3 fixes the following issues:
- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).
- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).
- CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287).
- We do not require python-rpm-macros package (bsc#1180125).
- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).
- Stop providing "python" symbol, which means python2 currently (bsc#1185588).
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).
</description>
</patchinfo>