Overview

File _patchinfo of Package patchinfo.2695

<patchinfo>
  <issue id="869222" tracker="bnc">VUL-0: CVE-2013-7338: python: denial of service (endless loop) via corrupted ZIP files</issue>
  <issue id="856835" tracker="bnc">VUL-1: CVE-2013-1753: python: gzip decompression bomb</issue>
  <issue id="856836" tracker="bnc">VUL-1: CVE-2013-1752: python: various stdlib read flaws</issue>
  <issue id="863741" tracker="bnc">VUL-0: CVE-2014-1912: python: buffer overflow in socket.recvfrom_into</issue>
  <issue id="CVE-2013-7338" tracker="cve" />
  <issue id="CVE-2013-1752" tracker="cve" />
  <issue id="CVE-2013-1753" tracker="cve" />
  <issue id="CVE-2013-4238" tracker="cve" />
  <issue id="CVE-2014-1912" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>matejcik</packager>
  <description>
Python was updated to 3.3.5 fixing bugs and security issues:

* bugfix-only release, closes several security bugs
* CVE-2013-1752 (bnc#856836) - DoS flaws with unbounded reads 
  from network
* disable SSLv2 by default
* DoS on maliciously crafted zip files (CVE-2013-7338, bnc#869222)
* CGIHttpRequestHandler directory traversal
* gzip decompression bomb in xmlrpc client (CVE-2013-1753, bnc#856835)
  xmlrpc_gzip_33.patch
* potential buffer overflow in recvfrom_into (CVE-2014-1912, bnc#863741)
* hundreds of non-security-related bugfixes
</description>
  <summary>python3: security and bugfix update to 3.3.5</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places