Overview

File _patchinfo of Package patchinfo.11120

<patchinfo incident="11120">
  <issue tracker="cve" id="2019-9947"/>
  <issue tracker="bnc" id="1130840">VUL-1: CVE-2019-9947: python,python3,python27: CRLF injection is possible if the attacker controls a url parameter</issue>
  <issue tracker="bnc" id="1133452">python3: broken debuginfo packages on SLE15</issue>
  <packager>mcepl</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python3</summary>
  <description>This update for python3 to version 3.6.8 fixes the following issues:

Security issue fixed:

- CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).

Non-security issue fixed:

- Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places