Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python39 for openSUSE:Factory checked in at 2021-09-20 23:32:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python39 (Old) and /work/SRC/openSUSE:Factory/.python39.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python39" Mon Sep 20 23:32:04 2021 rev:22 rq:919259 version:3.9.7 Changes: -------- --- /work/SRC/openSUSE:Factory/python39/python39.changes 2021-09-11 22:24:20.783375719 +0200 +++ /work/SRC/openSUSE:Factory/.python39.new.1899/python39.changes 2021-09-20 23:32:29.355124364 +0200 @@ -242,3 +242,3 @@ - - bpo-44022: mod:http.client now avoids infinitely reading - potential HTTP headers after a 100 Continue status response - from the server. + - bpo-44022 (bsc#1189241, CVE-2021-3737): http.client now + avoids infinitely reading potential HTTP headers after + a 100 Continue status response from the server. @@ -353,7 +353,7 @@ - - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) - vulnerability in urllib.request.AbstractBasicAuthHandler. - The ReDoS-vulnerable regex has quadratic worst-case - complexity and it allows cause a denial of service when - identifying crafted invalid RFCs. This ReDoS issue is on - the client side and needs remote attackers to control the - HTTP server. + - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular + Expression Denial of Service (ReDoS) vulnerability in + urllib.request.AbstractBasicAuthHandler. The + ReDoS-vulnerable regex has quadratic worst-case complexity + and it allows cause a denial of service when identifying + crafted invalid RFCs. This ReDoS issue is on the client + side and needs remote attackers to control the HTTP server. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
