Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
patchinfo.29655
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.29655
<patchinfo incident="29655"> <issue tracker="bnc" id="1211765">python310 unreproducible pyc</issue> <issue tracker="cve" id="2007-4559"/> <issue tracker="cve" id="2023-24329"/> <issue tracker="bnc" id="1208471">VUL-0: CVE-2023-24329: python,python3,python27,python36,python39,python310: blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters</issue> <issue tracker="bnc" id="1203750">VUL-0: CVE-2007-4559: python36,python3,python39,python310,python,python27: python tarfile module directory traversal</issue> <packager>mcepl</packager> <rating>important</rating> <category>security</category> <summary>Security update for python310</summary> <description>This update for python310 fixes the following issues: - Make marshalling of `set` and `frozenset` deterministic (bsc#1211765) python310 was updated to 3.10.12: - urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471). - Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - CVE-2007-4559: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details (fixing bsc#1203750). </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor