
438 matches found

OSV
added 2021/02/09 5:09 p.m., 5 views

SUSE-SU-2021:0355-1 Security update for python

This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution bsc1181126, CVE-2021-3177. - Provide the newest setuptools wheel bsc1176262, CVE-2019-20916 in their correct form bsc1180686...

CVSS 9.8 | AI score 8.3 | EPSS 0.23293
Exploits: 2 | References: 6
vulnersOsv
added 2021/02/01 8:15 p.m., 3 views

3di-cmd-client (>=0.0.1a0 <=0.0.3), abracadabra (>=0.0.0 <=0.0.5) +737 more potentially affected by CVE-2020-28493 via jinja2 (>=2.10.0 <=2.11.2)

jinja2 PYPI version =2.10.0, =0.0.1a0, =0.0.0, =0.4.0, =0.0.1, =1.0.0a4, =0.0.3, =1.0.0, =0.1.0, =2022.9.19, =0.2.0, =0.5.1, =0.2.0, =1.0.0, =1.1.0 and more Source cves: CVE-2020-28493 Source advisory: OSV:PYSEC-2021-66...

CVSS 5.3 | AI score 6.8 | EPSS 0.03546
Exploits: 1
OSV
added 2021/01/08 12:37 p.m., 4 views

SUSE-SU-2021:0048-1 Security update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec

This update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec fixes the following issues: - Update to 0.6.0 - Increase test coverage. - Add badges to README. - Test on Python 3.7 stable and 3.8-dev - Drop support for Python 3.4 - No longer pass html...

CVSS 9.8 | AI score 9.6 | EPSS 0.04371
Exploits: 1 | References: 5
Microsoft CVE
added 2020/12/21 12:00 a.m., 2 views

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

...

CVSS 7.5 | AI score 7 | EPSS 0.04607
Exploits: 0
OPENSUSE Linux
added 2020/12/09 12:00 a.m., 34 views

Security update for python (important)

openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2020:2211-1 Rating: important References: 1176262 Cross-References: CVE-2019-20916 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for python...

CVSS 7.5 | AI score 7.1 | EPSS 0.03003
Exploits: 1 | References: 1
OSV
added 2020/12/08 10:40 a.m., 12 views

MGASA-2020-0451 Updated python and python3 packages fix security vulnerabilities

It was discovered that incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service CVE-2019-9674. It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this...

CVSS 7.5 | AI score 7 | EPSS 0.12826
Exploits: 3 | References: 9
OSV
added 2020/11/30 3:53 p.m., 8 views

SUSE-SU-2020:3563-1 Security update for python36

This update for python36 fixes the following issues: Update to 3.6.12, including the following fixes: - Fixed a directory traversal in _download_http_url bsc1176262 CVE-2019-20916 - Fixed CRLF injection via HTTP request method in httplib/http.client bsc1177211 CVE-2020-26116 - Fixed possible infinit...

CVSS 7.5 | AI score 7.8 | EPSS 0.20743
Exploits: 4 | References: 13
OSV
added 2020/11/02 4:08 p.m., 7 views

SUSE-SU-2020:3121-1 Security update for python

This update for python fixes the following issues: - CVE-2020-26116: Fixed CRLF injection via HTTP request method bsc1177211...

CVSS 7.2 | AI score 7.5 | EPSS 0.0642
Exploits: 1 | References: 3
vulnersOsv
added 2020/09/25 7:15 p.m., 4 views

tensorflowjs (>=1.5.2 <=1.7.4) potentially affected by CVE-2020-15194 via tensorflow-cpu (=2.1.0)

tensorflow-cpu PYPI version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - tensorflowjs =1.5.2, =1.7.4 Source cves: CVE-2020-15194 Source advisory: OSV:PYSEC-2020-274...

CVSS 5.3 | AI score 6 | EPSS 0.01017
Exploits: 1
vulnersOsv
added 2020/09/25 7:15 p.m., 4 views

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +94 more potentially affected by CVE-2020-15201 via tensorflow-cpu (>=1.15.0 <=2.2.3)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.0.1, =0.3.3 - cemotion-apple =0.0.7 and more Source cves: CVE-2020-15201 Source advisory: OSV:PYSEC-2020-281...

CVSS 6.8 | AI score 5.8 | EPSS 0.00563
Exploits: 1
vulnersOsv
added 2020/08/21 6:15 p.m., 5 views

tsutils (>=4.0.5 <=5.2.0) potentially affected by CVE-2020-15147 via red-discordbot (=3.0.2)

red-discordbot PYPI version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on red-discordbot and may be impacted: - tsutils =4.0.5, =5.2.0 Source cves: CVE-2020-15147 Source advisory: OSV:PYSEC-2020-266...

CVSS 8.5 | AI score 7.2 | EPSS 0.02037
Exploits: 0
OSV
added 2020/08/19 11:23 a.m., 4 views

SUSE-SU-2020:2276-1 Security update for python

This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs bsc1174091...

CVSS 7.5 | AI score 7.6 | EPSS 0.06304
Exploits: 0 | References: 3
OSV
added 2020/08/19 11:21 a.m., 6 views

SUSE-SU-2020:2275-1 Security update for python

This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs bsc1174091...

CVSS 7.5 | AI score 7.6 | EPSS 0.06304
Exploits: 0 | References: 3
OSV
added 2020/08/12 1:15 p.m., 9 views

SUSE-SU-2020:2216-1 Security update for python36

This update for python36 fixes the following issues: - CVE-2019-20907, bsc1174091: avoiding possible infinite loop in specifically crafted tarball. - CVE-2020-14422, bsc1173274: where hash collisions in IPv4Interface and IPv6Interface could lead to DOS...

CVSS 7.5 | AI score 6.7 | EPSS 0.12826
Exploits: 0 | References: 5
OSV
added 2020/06/01 12:00 a.m., 27 views

DLA-2232-1 python-httplib2 - security update

Bulletin has no description...

CVSS 6.8 | AI score 6.7 | EPSS 0.02593
Exploits: 0
OSV
added 2020/04/01 12:00 a.m., 25 views

DLA-2167-1 python-bleach - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.6 | EPSS 0.00718
Exploits: 1
vulnersOsv
added 2020/03/05 3:15 p.m., 1 view

admindjango-ckeditor-blog (=0.1.0), aiida-core (=1.0.0) +53 more potentially affected by CVE-2020-9402 via django (>=1.11.0 <=1.11.28)

django PYPI version =1.11.0, =0.2.0.dev20181221, =0.28.0, =3.1.4, =2.19.0, =0.0.19, =4.4.1, =1.0.0, =0.6.0, =0.7.2 and more Source cves: CVE-2020-9402 Source advisory: OSV:PYSEC-2020-36...

CVSS 8.8 | AI score 6.7 | EPSS 0.22513
Exploits: 0
OSV
added 2020/01/24 3:34 p.m., 6 views

SUSE-SU-2020:0234-1 Security update for python

This update for python fixes the following issues: Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions bsc1159035...

CVSS 10 | AI score 8 | EPSS 0.73327
Exploits: 46 | References: 125
Prion
added 2019/11/27 5:15 p.m., 26 views

Design/Logic Flaw

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

CVSS 5.8 | AI score 6.8 | EPSS 0.04563
Exploits: 0 | References: 5 | Affected Software: 3
OSV
added 2019/11/12 9:31 p.m., 5 views

SUSE-SU-2019:2748-2 Security update for python

This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module bsc1149955. - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py bsc1153238...

CVSS 7.5 | AI score 6.7 | EPSS 0.05366
Exploits: 1 | References: 5