File _patchinfo of Package patchinfo.31457

<patchinfo incident="31457">
  <issue tracker="bnc" id="1196025"> VUL-0: CVE-2022-25236: expat: xmlparse.c in Expat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.</issue>
  <issue tracker="bnc" id="1210638">VUL-0: CVE-2023-27043: python39,python310,python27,python,python36,python3,python311: The e-mail module of Python 0 - 2.7.18, 3.x - 3.11 incorrectly parses e-mail addresses which contain a special character</issue>
  <issue tracker="bnc" id="1212015">VUL-0: python3-pip,python310-pip,python311-pip: unnecessary windows exe files shipped</issue>
  <issue tracker="bnc" id="1214692">VUL-0: CVE-2023-40217: python,python3,python39,python36,python310,python311: Bypass TLS handshake on closed sockets</issue>
  <issue tracker="bnc" id="1215454">CVE-2023-40217 on SLES 12 SP2 Reactive LTSS: python python3</issue>
  <issue tracker="bnc" id="1219666">VUL-0: CVE-2023-6597: python,python3,python310,python311,python36,python39: tempfile.TemporaryDirectory fails removing dir in some edge cases related to symlinks</issue>
  <issue tracker="cve" id="2022-25236"/>
  <issue tracker="cve" id="2023-27043"/>
  <issue tracker="cve" id="2023-40217"/>
  <issue tracker="cve" id="2023-6597"/>
  <issue tracker="jsc" id="PED-7886"/>
  <issue tracker="jsc" id="SLE-21253"/>
  <packager>mcepl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python39</summary>
  <description>This update for python39 fixes the following issues:

- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2023-27043: Fixed incorrect e-mqil parsing (bsc#1210638).
- CVE-2023-40217: Fixed a ssl.SSLSocket TLS bypass vulnerability where data is sent unencrypted (bsc#1214692).
- CVE-2022-25236: Fixed an expat vulnerability by supporting expat &gt;= 2.4.4 (bsc#1212015).
</description>
</patchinfo>