Security update for python-wxPython SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3964-1 Final 1 1 2024-11-09T16:39:53Z current 2024-11-09T16:39:53Z 2024-11-09T16:39:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-wxPython This update for python-wxPython fixes the following issues: Security issue fixed: - CVE-2024-50602: Fixed a denial of service in the vendored libexpat's XML_ResumeParser function (bsc#1232590). Non-security issues fixed: - rebuilt for python 3.11 (bsc#1228252). - add repack script, do not include packaging/ dir in sources - Reduce complexity by not rewriting subpackages at all. - Appease factory-auto bot about package src name. - Add additional patches fixing the situation with Python 3.10 compatibility. - Split out the TW python3 flavors into multibuild using the python_subpackage_only mechanism: Multiple python3 flavors sequentially require too much space and time in one build. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-3964,openSUSE-SLE-15.6-2024-3964 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243964-1/ Link for SUSE-SU-2024:3964-1 https://lists.suse.com/pipermail/sle-security-updates/2024-November/019803.html E-Mail link for SUSE-SU-2024:3964-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1228252 SUSE Bug 1228252 https://bugzilla.suse.com/1232590 SUSE Bug 1232590 https://www.suse.com/security/cve/CVE-2024-50602/ SUSE CVE CVE-2024-50602 page openSUSE Leap 15.6 python311-wxPython-4.1.1-150400.3.8.1 python311-wxPython-lang-4.1.1-150400.3.8.1 python311-wxPython-4.1.1-150400.3.8.1 as a component of openSUSE Leap 15.6 python311-wxPython-lang-4.1.1-150400.3.8.1 as a component of openSUSE Leap 15.6 An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. CVE-2024-50602 openSUSE Leap 15.6:python311-wxPython-4.1.1-150400.3.8.1 openSUSE Leap 15.6:python311-wxPython-lang-4.1.1-150400.3.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243964-1/ https://www.suse.com/security/cve/CVE-2024-50602.html CVE-2024-50602 https://bugzilla.suse.com/1232579 SUSE Bug 1232579