File _patchinfo of Package patchinfo.21887

<patchinfo incident="21887">
  <issue tracker="bnc" id="1183374">VUL-0: CVE-2021-3426: python36,python3,python38,python39: information disclosure via pydoc</issue>
  <issue tracker="bnc" id="1189241">VUL-0: CVE-2021-3737: python3,python36,python38,python39,python27,python: infinitely reading potential HTTP headers after a 100 Continue status response from the server</issue>
  <issue tracker="bnc" id="1189287">VUL-0: CVE-2021-3733: python,python-base,python-doc,python27,python27-base,python27-doc,python3,python3-base,python36,python39: ReDoS in urllib.request</issue>
  <issue tracker="bnc" id="1180125">python update has new dependency ref:_00D1igLOd._5001iX9uE1:ref</issue>
  <issue tracker="bnc" id="1183858">python36-core is requiring python38-core</issue>
  <issue tracker="bnc" id="1185588">python39 provides python</issue>
  <issue tracker="bnc" id="1187668">python-base traceback due to mismatch  ref:_00D1igLOd._5001if0d8v:ref</issue>
  <issue tracker="cve" id="2021-3426"/>
  <issue tracker="cve" id="2021-3733"/>
  <issue tracker="cve" id="2021-3737"/>
  <packager>mcepl</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python3</summary>
  <description>This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).
- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).
- CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287).

- We do not require python-rpm-macros package (bsc#1180125).
- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).
- Stop providing "python" symbol, which means python2 currently (bsc#1185588).
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).
</description>
</patchinfo>
openSUSE Build Service is sponsored by