products/SUSE_ALP_Standard
9
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
605aeb9fc4
SUSE_ALP_Standard/patchinfo.20240816152059851650.269002615871826/_patchinfo

82 lines
3.8 KiB
Plaintext
Raw Blame History

<patchinfo incident="23">
<!-- generated from request(s) 340705, 336997 -->
<issue tracker="bnc" id="831629">python3-base test test_faulthandler fails on ppc64</issue>
<issue tracker="bnc" id="1174091">VUL-1: CVE-2019-20907: python,python36,python3,python27: in Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation</issue>
<issue tracker="bnc" id="1189495">%autopatch missing -m and -M parameter</issue>
<issue tracker="bnc" id="1221854">VUL-0: CVE-2024-0450: python: The zipfile module is vulnerable to "quoted-overlap"</issue>
<issue tracker="bnc" id="1226447">VUL-0: CVE-2024-0397: python,python3,python310,python311,python312,python36,python39: memory race condition in ssl.SSLContext certificate store methods</issue>
<issue tracker="bnc" id="1226448">VUL-0: CVE-2024-4032: python,python3,python310,python311,python312,python36,python39: incorrect IPv4 and IPv6 private ranges</issue>
<issue tracker="bnc" id="1227378">/usr/bin/idle* don't have executable bits</issue>
<issue tracker="bnc" id="1228780">VUL-0: CVE-2024-6923: python,python3,python310,python311,python312,python36,python39: CPython : Email header injection due to unquoted newlines</issue>
<issue tracker="cve" id="2019-9947"/>
<issue tracker="cve" id="2019-20907"/>
<issue tracker="cve" id="2020-15523"/>
<issue tracker="cve" id="2020-15801"/>
<issue tracker="cve" id="2022-25236"/>
<issue tracker="cve" id="2023-52425"/>
<issue tracker="cve" id="2024-0397"/>
<issue tracker="cve" id="2024-0450"/>
<issue tracker="cve" id="2024-4032"/>
<issue tracker="cve" id="2024-6923"/>
<issue tracker="gh" id="openSUSE/python-rpm-macros#163"/>
<packager>mcepl</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for python311, python-rpm-macros</summary>
<description>This update for python311, python-rpm-macros fixes the following issues:
python311:
- CVE-2024-0450: Fixed zipfile module vulnerability with "quoted-overlap" zipbomb (bsc#1221854)
- CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448)
- CVE-2024-0397: Fixed memory race condition in ssl.SSLContext certificate store methods (bsc#1226447)
- CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
- Fixed executable bits for /usr/bin/idle* (bsc#1227378).
python-rpm-macros:
- Update to version 20240618.c146b29:
* Add %FLAVOR_pytest and %FLAVOR_pyunittest variants
- Update to version 20240618.1e386da:
* Fix python_clone sed regex
- Update to version 20240614.02920b8:
* Make sure that RPM_BUILD_ROOT env is set
* don't eliminate any cmdline arguments in the shebang line
* Create python313 macros
- Update to version 20240415.c664b45:
* Fix typo 310 -&gt; 312 in default-prjconf
- Update to version 20240202.501440e:
* SPEC0: Drop python39, add python312 to buildset (#169)
- Update to version 20231220.98427f3:
* fix python2_compile macro
- Update to version 20231207.46c2ec3:
* make FLAVOR_compile compatible with python2
- Update to version 20231204.dd64e74:
* Combine fix_shebang in one line
* New macro FLAVOR_fix_shebang_path
* Use realpath in %python_clone macro shebang replacement
* Compile and fix_shebang in %python_install macros
- Update to version 20231010.0a1f0d9:
* Revert "Compile and fix_shebang in %python_install macros"
* gh#openSUSE/python-rpm-macros#163
- Update to version 20231010.a32e110:
* Compile and fix_shebang in %python_install macros
- Update to version 20231005.bf2d3ab:
* Fix shebang also in sbin with macro _fix_shebang
</description>
<package>python-rpm-macros</package>
<package>python311</package>
<package>python311:base</package>
<package>python311:doc</package>
<seperate_build_arch/>
</patchinfo>
Reference in New Issue View Git Blame Copy Permalink