Overview
Request 1200670 accepted
- Security updates on Python 3.11 interpreter:
  * Fix quadratic complexity in parsing "-quoted cookie values with
    backslashes (bsc#1229873, bsc#1230059, CVE-2024-7592).
  * Prevent malformed payloads from causing infinite loops in zipfile.Path
    (bsc#1229704, bsc#1230058, CVE-2024-8088).
  * Prevent email header injection due to unquoted newlines
    (bsc#1228780, CVE-2024-6923).
  * Rearranging definition of private global IP addresses
    (bsc#1226448, CVE-2024-4032).
  * gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to the
    certificate store, when the ssl.SSLContext is shared across
    multiple threads (bsc#1226447, CVE-2024-0397).
- Security updates on Python dependencies:
  * zipp: Add patch CVE-2024-5569.patch from upstream gh#jaraco/zipp@fd604bd34f03
    (bsc#1227547, CVE-2024-5569, bsc#1229996).
  * setuptools: Sanitize any VCS URL we download
    (CVE-2024-6345, bsc#1228105, bsc#1229995).
  * idna: Add CVE-2024-3651.patch, backported from upstream commit
    gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
    (bsc#1222842, bsc#1229994, CVE-2024-3651).
  * urllib3: Added the ``Proxy-Authorization`` header to the list of headers
    to strip from requests when redirecting to a different host
    (bsc#1226469, bsc#1229654, CVE-2024-37891).
- Created by PSuarezHernandez
- In state accepted
- Supersedes 1200669
Request History
PSuarezHernandez created request
mczernek accepted request