Overview

File _patchinfo of Package patchinfo.8731

<patchinfo incident="8731">
  <issue id="1088004" tracker="bnc">VUL-1: CVE-2018-1061: python,python3: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib</issue>
  <issue id="1088009" tracker="bnc">VUL-1: CVE-2018-1060: python,python3: DOS via regular expression catastrophic backtracking in apop() method in pop3lib</issue>
  <issue id="2018-1060" tracker="cve" />
  <issue id="2018-1061" tracker="cve" />
  <issue id="1107030" tracker="bnc">python3 builds without -fwrapv option</issue>
  <issue tracker="bnc" id="1086001">python tarfile uses random order</issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>mcepl</packager>
  <description>This update for python3 provides the following fixes:

These security issues were fixed:

- CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK
  method. An attacker could have used this flaw to cause denial of service
  (bsc#1088004).
- CVE-2018-1060: Prevent catastrophic backtracking in pop3lib's apop() method.
  An attacker could have used this flaw to cause denial of service (bsc#1088009).

These non-security issues were fixed:

- Sort files and directories when creating tarfile archives so that they are created in a
  more predictable way. (bsc#1086001)
- Add -fwrapv to OPTS (bsc#1107030)

This update was imported from the SUSE:SLE-12:Update update project.</description>
  <summary>Security update for python3</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places