Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.6:Update
patchinfo.26740
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.26740
<patchinfo incident="26740"> <issue tracker="cve" id="2022-42919"/> <issue tracker="cve" id="2022-45061"/> <issue tracker="bnc" id="1205244">VUL-0: CVE-2022-45061: python39,python3,python310,python36,python,python27: quadratic time IDNA decoding</issue> <issue tracker="bnc" id="1204886">VUL-0: CVE-2022-42919: python39,python310: python: local privilege escalation via the multiprocessing forkserver start method</issue> <packager>mcepl</packager> <rating>important</rating> <category>security</category> <summary>Security update for python39</summary> <description>This update for python39 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886). - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). Other fixes: - Allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.9.15: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - Update bundled libexpat to 2.4.9 </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor