File _patchinfo of Package patchinfo.33974

<patchinfo incident="33974">
  <issue tracker="cve" id="2023-52425"/>
  <issue tracker="cve" id="2024-0450"/>
  <issue tracker="cve" id="2024-4032"/>
  <issue tracker="cve" id="2024-0397"/>
  <issue tracker="bnc" id="1226448">VUL-0: CVE-2024-4032: python,python3,python310,python311,python312,python36,python39: incorrect IPv4 and IPv6 private ranges</issue>
  <issue tracker="bnc" id="1226447">VUL-0: CVE-2024-0397: python,python3,python310,python311,python312,python36,python39: memory race condition in ssl.SSLContext certificate store methods</issue>
  <issue tracker="bnc" id="1222075">VUL-0: CVE-2023-52425: python,python3,python310,python311,python36,python39: expat: denial of service (resource consumption) caused by processing large tokens</issue>
  <issue tracker="bnc" id="1221854">VUL-0: CVE-2024-0450: python: The zipfile module is vulnerable to "quoted-overlap"</issue>
  <issue tracker="bnc" id="1220664">PTF request for VUL-0 libexpat CVE-2023-52425 [ref:!00D1i0gLOd.!500Tr05Dxlo:ref]</issue>
  <issue tracker="bnc" id="1219559">VUL-0: CVE-2023-52425: expat: denial of service (resource consumption) caused by processing large tokens</issue>
  <issue tracker="bnc" id="1221563">CVE-L3: [EAR - NOT FOR USA Citizens] PTF request for expat and CVE CVE-2023-52425 for SLES 12 SP5 - TW</issue>
  <packager>mcepl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python3</summary>
  <description>This update for python3 fixes the following issues:

- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of "quoted-overlap" zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
</description>
</patchinfo>