Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
patchinfo.12557
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.12557
<patchinfo incident="12557"> <issue tracker="bnc" id="1130840">VUL-1: CVE-2019-9947: python,python3,python27: CRLF injection is possible if the attacker controls a url parameter</issue> <issue tracker="bnc" id="1149955">VUL-0: CVE-2019-16056: python,python3,python27: The email module wrongly parses email addresses</issue> <issue tracker="bnc" id="1153238">VUL-0: CVE-2019-16935: python,python3,python36,python27: XSS vulnerability in the documentation XML-RPC server in server_title field</issue> <issue tracker="cve" id="2019-9947"/> <issue tracker="cve" id="2019-16056"/> <issue tracker="cve" id="2019-16935"/> <packager>mcepl</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for python</summary> <description>This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. (bsc#1130840) - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor