Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
patchinfo.3539
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.3539
<patchinfo incident="3539"> <issue id="991069" tracker="bnc">python 3.4.5 minor version update</issue> <issue id="951166" tracker="bnc">python3 upstream issue #21121</issue> <issue id="983582" tracker="bnc">Python3 issues with distributed version 3.4.1</issue> <issue id="984751" tracker="bnc">CVE-2016-0772: python,python3: smtplib StartTLS stripping attack</issue> <issue id="989523" tracker="bnc">CVE-2016-1000110: python,python3: Python CGIHandler: sets environmental variable based on user supplied Proxy request header</issue> <issue id="985177" tracker="bnc">CVE-2016-5636: python3,python: Heap overflow in zipimporter module</issue> <issue id="985348" tracker="bnc">CVE-2016-5699: python,python3: http protocol steam injection attack</issue> <issue id="2016-1000110" tracker="cve"/> <issue id="2016-0772" tracker="cve"/> <issue id="2016-5636" tracker="cve"/> <issue id="2016-5699" tracker="cve"/> <issue id="320949" tracker="fate"/> <category>security</category> <rating>moderate</rating> <packager>matejcik</packager> <description> This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed: - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177) - CVE-2016-5699: A header injection flaw in urrlib2/urllib/httplib/http.client. (bsc#985348) The update also includes the following non-security fixes: - Don't force 3rd party C extensions to be built with -Werror=declaration-after-statement. (bsc#951166) - Make urllib proxy var handling behave as usual on POSIX. (bsc#983582) For a comprehensive list of changes please refer to the upstream change log: https://docs.python.org/3.4/whatsnew/changelog.html </description> <summary>Security update for python3</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
