Matej Cepl 2024-03-22 09:14:13 +00:00 committed by Git OBS Bridge
parent 9921186373
commit 1084a46358

@ -4,7 +4,7 @@ Thu Mar 21 20:29:12 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Update to 3.8.19:
- Security
- gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
(CVE-2023-52425) by adding five new methods:
(CVE-2023-52425, bsc#1219559) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
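Review bot: on the gh-115398 line, tagging the entry with CVE-2023-52425 and bsc#1219559 can read as if this Python update alone resolves the CVE, while the entry itself says the new methods control reparse deferral in Expat >=2.6.0. Suggest saying in the entry that the mitigation depends on the Expat version in use, in line with the Documentation entry for gh-115399, which names Expat <2.6.0 as the affected range.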
@ -26,7 +26,8 @@ Thu Mar 21 20:29:12 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
socket.if_indextoname() on 64-bit non-Windows platforms.
- gh-109858: Protect zipfile from “quoted-overlap”
zipbomb. It now raises BadZipFile when try to read an entry
that overlaps with other entry or central directory.
that overlaps with other entry or central directory
(CVE-2024-0450, bsc#1221854).
- gh-107077: Seems that in some conditions, OpenSSL will
return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL
when a certification verification has failed, but
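Review bot: with CVE-2024-0450 now attached to the gh-109858 entry, this is the text a reader lands on when searching for that CVE, and it only states that reading an overlapping entry "now raises BadZipFile". Suggest adding a short remark that this is a behaviour change for callers that read such archives, so packagers can judge the impact of the update from the changelog alone.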
@ -36,7 +37,8 @@ Thu Mar 21 20:29:12 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
ssl.SSLCertVerificationError. Patch by Pablo Galindo
- gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
which now no longer dereferences symlinks when working
around file system permission errors.
around file system permission errors (CVE-2023-6597,
bsc#1219666).
- Documentation
- gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under
“XML vulnerabilities”.
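Review bot: in the gh-91133 entry the reference pair is wrapped as "(CVE-2023-6597," on one line and "bsc#1219666)." on the next, whereas the other two hunks keep the CVE and bsc ids together on a single line. Suggest breaking the line before the opening parenthesis so that a line-based search for either id also shows the other.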