File _patchinfo of Package patchinfo.26740

<patchinfo incident="26740">
  <issue tracker="cve" id="2022-42919"/>
  <issue tracker="cve" id="2022-45061"/>
  <issue tracker="bnc" id="1205244">VUL-0: CVE-2022-45061: python39,python3,python310,python36,python,python27: quadratic time IDNA decoding</issue>
  <issue tracker="bnc" id="1204886">VUL-0: CVE-2022-42919: python39,python310: python: local privilege escalation via the multiprocessing forkserver start method</issue>
  <packager>mcepl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python39</summary>
  <description>This update for python39 fixes the following issues:

Security fixes:

- CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886).
- CVE-2022-45061: Fixed quadratic time IDNA decoding (bsc#1205244).

Other fixes:

- Allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366).
  
- Update to 3.9.15:
  - Fix multiplying a list by an integer (list *= int): detect
    the integer overflow when the new allocated length is close
    to the maximum size.
  - Fix a shell code injection vulnerability in the
    get-remote-certificate.py example script. The script no
    longer uses a shell to run openssl commands. (originally
    filed as CVE-2022-37460, later withdrawn)
  - Fix command line parsing: reject -X int_max_str_digits option
    with no value (invalid) when the PYTHONINTMAXSTRDIGITS
    environment variable is set to a valid limit.
  - When ValueError is raised if an integer is larger than the
    limit, mention the sys.set_int_max_str_digits() function in
    the error message.
  - Update bundled libexpat to 2.4.9
</description>
</patchinfo>