File _patchinfo of Package patchinfo.33823
<patchinfo incident="33823">
<issue tracker="bnc" id="1220970">GCC 14: python package fails</issue>
<issue tracker="bnc" id="1219559">VUL-0: CVE-2023-52425: expat: denial of service (resource consumption) caused by processing large tokens</issue>
<issue tracker="bnc" id="1214675">VUL-0: CVE-2022-48560: python3: A use-after-free exists in Python through 3.9 via heappushpop in heapq</issue>
<issue tracker="bnc" id="1219306">[TRACKER] Remove python2 from openSUSE:Factory</issue>
<issue tracker="bnc" id="1222537">L3-Question: python2: After applying patch SUSE-SLE-SERVER-12-SP5-2024-437 '5.1.3 Bad recipient address syntax'.</issue>
<issue tracker="bnc" id="1221854">VUL-0: CVE-2024-0450: python: The zipfile module is vulnerable to "quoted-overlap"</issue>
<issue tracker="cve" id="2023-27043"/>
<issue tracker="cve" id="2022-48560"/>
<issue tracker="cve" id="2023-52425"/>
<issue tracker="cve" id="2024-0450"/>
<packager>mcepl</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for python</summary>
<description>This update for python fixes the following issues:
- CVE-2023-52425: Fixed using the system libexpat (bsc#1219559).
- CVE-2023-27043: Modified fix for Unicode string handling in email.utils.parseaddr() (bsc#1222537).
- CVE-2022-48560: Fixed use-after-free in Python via heappushpop in heapq (bsc#1214675).
- CVE-2024-0450: Detect the vulnerability of the "quoted-overlap" zipbomb (bsc#1221854).
Bug fixes:
- Switch off tests. ONLY FOR FACTORY!!! (bsc#1219306).
- Build with -std=gnu89 to build correctly with gcc14 (bsc#1220970).
- Switch from %patchN style to the %patch -P N one.
</description>
</patchinfo>