443 matches found

OSV
added 2020/04/01 12:0 a.m. | 21 views

DLA-2167-1 python-bleach - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.6 | EPSS 0.00581
Exploits: 1

vulnersOsv
added 2020/03/05 3:15 p.m. | 0 views

admindjango-ckeditor-blog (=0.1.0), aiida-core (=1.0.0) +53 more potentially affected by CVE-2020-9402 via django (>=1.11.0 <=1.11.28)

django PYPI version =1.11.0, =0.2.0.dev20181221, =0.28.0, =3.1.4, =2.19.0, =0.0.19, =4.4.1, =1.0.0, =0.6.0, =0.7.2 and more Source cves: CVE-2020-9402 Source advisory: OSV:PYSEC-2020-36...

CVSS 8.8 | AI score 6.7 | EPSS 0.84997
Exploits: 0

OSV
added 2020/01/24 3:34 p.m. | 6 views

SUSE-SU-2020:0234-1 Security update for python

This update for python fixes the following issues: Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions bsc1159035...

CVSS 10 | AI score 8 | EPSS 0.45123
Exploits: 50 | References: 125

Prion
added 2019/11/27 5:15 p.m. | 21 views

Design/Logic Flaw

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

CVSS 5.8 | AI score 6.8 | EPSS 0.09899
Exploits: 0 | References: 5 | Affected Software: 3

OSV
added 2019/11/12 9:31 p.m. | 5 views

SUSE-SU-2019:2748-2 Security update for python

This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module bsc1149955. - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py bsc1153238...

CVSS 7.5 | AI score 6.7 | EPSS 0.02456
Exploits: 1 | References: 5

OSV
added 2019/11/07 11:36 p.m. | 4 views

MGASA-2019-0318 Updated python packages fix security vulnerabilities

Updated python and python3 packages fix security vulnerabilities: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to...

CVSS 9.8 | AI score 8.5 | EPSS 0.0991
Exploits: 4 | References: 6

Tenable Nessus
added 2019/10/31 12:0 a.m. | 49 views

Amazon Linux AMI : python27 / python34,python35,python36 (ALAS-2019-1314)

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...

CVSS 7.5 | AI score 7.2 | EPSS 0.00894
Exploits: 0 | References: 2

OSV
added 2019/10/29 10:39 a.m. | 6 views

SUSE-SU-2019:2802-1 Security update for python3

This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. bsc1149955 - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py bsc1153238. Non-security issues fixed: - Fixed regression of OpenSSL...

CVSS 7.5 | AI score 6.7 | EPSS 0.02456
Exploits: 1 | References: 10

OSV
added 2019/10/22 1:50 p.m. | 5 views

SUSE-SU-2019:2743-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. bsc1130840 - CVE-2019-16056: Fixed a parser issue in the email module...

CVSS 7.5 | AI score 6.9 | EPSS 0.02456
Exploits: 2 | References: 7

OSV
added 2019/08/23 12:19 p.m. | 6 views

SUSE-SU-2019:2091-1 Security update for python

This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. - CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation...

CVSS 9.8 | AI score 7.3 | EPSS 0.01665
Exploits: 1 | References: 5

OSV
added 2019/08/23 10:25 a.m. | 8 views

OPENSUSE-SU-2019:1989-1 Security update for python

This update for python fixes the following issues: - CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation bsc1141853. This update was imported from the SUSE:SLE-15:Update update project...

CVSS 5.3 | AI score 7.2 | EPSS 0.01665
Exploits: 1 | References: 3

Tenable Nessus
added 2019/08/13 12:0 a.m. | 49 views

Amazon Linux AMI : python34 / python35,python36 (ALAS-2019-1259)

A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies,...

CVSS 9.8 | AI score 7.2 | EPSS 0.08764
Exploits: 0 | References: 2

OSV
added 2019/08/08 11:23 a.m. | 9 views

SUSE-SU-2019:14142-1 Security update for python

This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. - CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation...

CVSS 9.8 | AI score 7.3 | EPSS 0.01665
Exploits: 1 | References: 5

Amazon
added 2019/08/07 12:0 a.m. | 118 views

Important: python34, python35, python36

Issue Overview: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store...

CVSS 9.8 | AI score 8.3 | EPSS 0.08764
Exploits: 0

Amazon
added 2019/08/07 12:0 a.m. | 106 views

Important: python27

Issue Overview: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store...

CVSS 9.8 | AI score 8.3 | EPSS 0.08764
Exploits: 1

OSV
added 2019/08/06 1:50 p.m. | 6 views

SUSE-SU-2019:2064-1 Security update for python

This update for python fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459...

CVSS 9.8 | AI score 9.5 | EPSS 0.01472
Exploits: 0 | References: 3

OSV
added 2019/06/06 3:51 p.m. | 4 views

SUSE-SU-2019:1439-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead bsc1130847. - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...

CVSS 9.8 | AI score 9.3 | EPSS 0.08764
Exploits: 1 | References: 5

OSV
added 2019/04/17 12:44 p.m. | 3 views

SUSE-SU-2019:0972-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead bsc1130847. - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...

CVSS 9.8 | AI score 9.3 | EPSS 0.08764
Exploits: 1 | References: 5

OSV
added 2019/04/15 2:36 p.m. | 3 views

SUSE-SU-2019:14018-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead bsc1130847. - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...

CVSS 9.8 | AI score 9.3 | EPSS 0.08764
Exploits: 1 | References: 5

Tenable Nessus
added 2019/03/26 12:0 a.m. | 45 views

Amazon Linux AMI : python27 / python34,python35,python36 (ALAS-2019-1169)

A NULL pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accep...

CVSS 7.5 | AI score 7.2 | EPSS 0.05355
Exploits: 1 | References: 2