Overview

File _patchinfo of Package patchinfo.33975

<patchinfo incident="33975">
  <issue tracker="cve" id="2023-52425"/>
  <issue tracker="cve" id="2024-0450"/>
  <issue tracker="bnc" id="1221854">VUL-0: CVE-2024-0450: python: The zipfile module is vulnerable to "quoted-overlap"</issue>
  <issue tracker="bnc" id="1220664">PTF request for VUL-0 libexpat CVE-2023-52425 [ref:!00D1i0gLOd.!500Tr05Dxlo:ref]</issue>
  <issue tracker="bnc" id="1222075">VUL-0: CVE-2023-52425: python,python3,python310,python311,python36,python39: expat: denial of service (resource consumption) caused by processing large tokens</issue>
  <issue tracker="bnc" id="1221563">CVE-L3: [EAR - NOT FOR USA Citizens] PTF request for expat and CVE CVE-2023-52425 for SLES 12 SP5 - TW</issue>
  <issue tracker="bnc" id="1219559">VUL-0: CVE-2023-52425: expat: denial of service (resource consumption) caused by processing large tokens</issue>
  <packager>mcepl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python3</summary>
  <description>This update for python3 fixes the following issues:

- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of "quoted-overlap" zipbomb (bsc#1221854).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places