Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
patchinfo.15577
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.15577
<patchinfo incident="15577"> <issue tracker="bnc" id="1088009">VUL-1: CVE-2018-1060: python,python3: DOS via regular expression catastrophic backtracking in apop() method in pop3lib</issue> <issue tracker="bnc" id="1130840">VUL-1: CVE-2019-9947: python,python3,python27: CRLF injection is possible if the attacker controls a url parameter</issue> <issue tracker="bnc" id="1174091">VUL-1: CVE-2019-20907: python,python36,python3,python27: in Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation</issue> <issue tracker="bnc" id="1088004">VUL-1: CVE-2018-1061: python,python3: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib</issue> <issue tracker="bnc" id="1162423">python3 apply patch for PEP-538</issue> <issue tracker="bnc" id="1141853">VUL-0: CVE-2018-20852: python,python3,python27: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending cookies to the wrong server</issue> <issue tracker="bnc" id="1173274">VUL-0: CVE-2020-14422: python,python36,python3: Lib/ipaddress.py improperly computes hash values in the IPv4Interface and IPv6Interface classes</issue> <issue tracker="bnc" id="1153238">VUL-0: CVE-2019-16935: python,python3,python36,python27: XSS vulnerability in the documentation XML-RPC server in server_title field</issue> <issue tracker="bnc" id="1174701"></issue> <issue tracker="bnc" id="1149955">VUL-0: CVE-2019-16056: python,python3,python36,python27: The email module wrongly parses email addresses</issue> <issue tracker="cve" id="2020-14422"/> <issue tracker="cve" id="2018-14647"/> <issue tracker="cve" id="2019-16935"/> <issue tracker="cve" id="2019-20907"/> <issue tracker="cve" id="2019-16056"/> <issue tracker="cve" id="2019-9947"/> <issue tracker="cve" id="2018-20852"/> <packager>mcepl</packager> <rating>important</rating> <category>security</category> <summary>Security update for python3</summary> <description>This update for python3 fixes the following issues: - CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091). - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). - If the locale is "C", coerce it to C.UTF-8 (bsc#1162423). </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor