{"affected":[{"ecosystem_specific":{"binaries":[{"libpython3_11-1_0":"3.11.8-3.1","python311":"3.11.8-3.1","python311-base":"3.11.8-3.1","python311-curses":"3.11.8-3.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"python311","purl":"pkg:rpm/suse/python311&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.11.8-3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpython3_11-1_0":"3.11.8-3.1","python311":"3.11.8-3.1","python311-base":"3.11.8-3.1","python311-curses":"3.11.8-3.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"python311-core","purl":"pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.11.8-3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python311, python-rpm-macros fixes the following issues:\n\npython311:\n  - CVE-2024-0450: Fixed zipfile module vulnerability with \"quoted-overlap\" zipbomb (bsc#1221854)\n  - CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448)\n  - CVE-2024-0397: Fixed memory race condition in ssl.SSLContext certificate store methods (bsc#1226447)\n  - CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)\n  - Fixed executable bits for /usr/bin/idle* (bsc#1227378).\n\n\npython-rpm-macros:\n\n  - Update to version 20240618.c146b29:\n    * Add %FLAVOR_pytest and %FLAVOR_pyunittest variants\n\n  - Update to version 20240618.1e386da:\n    * Fix python_clone sed regex\n\n  - Update to version 20240614.02920b8:\n    * Make sure that RPM_BUILD_ROOT env is set\n    * don't eliminate any cmdline arguments in the shebang line\n    * Create python313 macros\n\n  - Update to version 20240415.c664b45:\n    * Fix typo 310 -> 312 in default-prjconf\n\n  - Update to version 20240202.501440e:\n    * SPEC0: Drop python39, add python312 to buildset (#169)\n\n  - Update to version 20231220.98427f3:\n    * fix python2_compile macro\n\n  - Update to version 20231207.46c2ec3:\n    * make FLAVOR_compile compatible with python2\n\n  - Update to version 20231204.dd64e74:\n    * Combine fix_shebang in one line\n    * New macro FLAVOR_fix_shebang_path\n    * Use realpath in %python_clone macro shebang replacement\n    * Compile and fix_shebang in %python_install macros\n\n  - Update to version 20231010.0a1f0d9:\n    * Revert \"Compile and fix_shebang in %python_install macros\"\n    * gh#openSUSE/python-rpm-macros#163\n\n  - Update to version 20231010.a32e110:\n    * Compile and fix_shebang in %python_install macros\n\n  - Update to version 20231005.bf2d3ab:\n    * Fix shebang also in sbin with macro _fix_shebang\n","id":"SUSE-SU-2025:20025-1","modified":"2025-02-03T08:50:40Z","published":"2025-02-03T08:50:40Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520025-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174091"},{"type":"REPORT","url":"https://bugzilla.suse.com/1189495"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221854"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226447"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226448"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227378"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228780"},{"type":"REPORT","url":"https://bugzilla.suse.com/831629"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-20907"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9947"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15523"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15801"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-25236"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-52425"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0397"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0450"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-4032"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6923"}],"related":["CVE-2019-20907","CVE-2019-9947","CVE-2020-15523","CVE-2020-15801","CVE-2022-25236","CVE-2023-52425","CVE-2024-0397","CVE-2024-0450","CVE-2024-4032","CVE-2024-6923"],"summary":"Security update for python311, python-rpm-macros","upstream":["CVE-2019-20907","CVE-2019-9947","CVE-2020-15523","CVE-2020-15801","CVE-2022-25236","CVE-2023-52425","CVE-2024-0397","CVE-2024-0450","CVE-2024-4032","CVE-2024-6923"]}