Overview

File _patchinfo of Package patchinfo.19472

<patchinfo incident="19472">
  <issue tracker="bnc" id="1102408">trackerbug: packages do not build reproducibly from race conditions</issue>
  <issue tracker="bnc" id="1182422">[TRACKERBUG] Update botocore, boto3 and aws-cli in the SLE-15 Public Cloud Module</issue>
  <issue tracker="bnc" id="1138746">[Build 20190618] openQA Leap upgrade test fails in await_install - python2-urllib3 missing Obsoletes/Provides</issue>
  <issue tracker="bnc" id="1176389">Test test.test_os.UtimeTests.test_utime_current fails on some architectures (s390x)</issue>
  <issue tracker="bnc" id="1177120">VUL-0: CVE-2020-26137: python-urllib3: CRLF injection via HTTP request method</issue>
  <issue tracker="bnc" id="1182421">[TRACKERBUG] Update botocore, boto3 and aws-cli in the SLE-12 Public Cloud Module</issue>
  <issue tracker="bnc" id="1138715">[Build 20190618] python-urllib2 upgrade issues</issue>
  <issue tracker="jsc" id="ECO-3352"/>
  <issue tracker="jsc" id="PM-2485"/>
  <issue tracker="cve" id="2020-26137"/>
  <packager>glaubitz</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3</summary>
  <description>This patch updates the Python AWS SDK stack in SLE 15:

General:

# aws-cli

- Version updated to upstream release v1.19.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-boto3

- Version updated to upstream release 1.17.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-botocore

- Version updated to upstream release 1.20.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-urllib3

- Version updated to upstream release 1.25.10
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-service_identity

- Added this new package to resolve runtime dependencies for other packages.
  Version: 18.1.0

# python-trustme

- Added this new package to resolve runtime dependencies for other packages.
  Version: 0.6.0

Security fixes:

# python-urllib3:
  
- CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated
  by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places