SUSE-SU-2020:3865-1 -- SLES python36ID: oval:org.secpod.oval:def:89000446 | Date: (C)2021-02-23 (M)2024-02-15 |
Class: PATCH | Family: unix |
This update for python36 fixes the following issues: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen - CVE-2019-20916: Fixed a directory traversal in _download_http_url . - CVE-2020-27619: Fixed an issue where the CJK codec tests call eval on content retrieved via HTTP . - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP . - Working-around missing python-packaging dependency in python-Sphinx is not necessary anymore . - Build of python3 documentation is not independent on the version of Sphinx.
Platform: |
SUSE Linux Enterprise Server 12 SP5 |