{"id":"RLSA-2019:0981","summary":"Important: python27:2.7 security update","details":"Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing.\n\nSQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases.\n\nSecurity Fix(es):\n\n* python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)\n\n* python-sqlalchemy: SQL Injection when the order_by parameter can be controlled (CVE-2019-7164)\n\n* python-sqlalchemy: SQL Injection when the group_by parameter can be controlled (CVE-2019-7548)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-02-05T03:15:12.986805Z","published":"2019-05-07T03:40:00Z","upstream":["CVE-2019-7164","CVE-2019-7548","CVE-2019-9636"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2019:0981"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1674059"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1678520"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1688543"}],"affected":[{"package":{"name":"python-markupsafe","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.23-19.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-markupsafe","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.23-19.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-attrs","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:17.4.0-10.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-attrs","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:17.4.0-10.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"babel","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/babel?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.5.1-9.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"Cython","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.28.1-7.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"Cython","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.28.1-7.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"pytest","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.4.2-13.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"pytest","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.4.2-13.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-funcsigs","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-funcsigs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.2-13.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python2-rpm-macros","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python2-rpm-macros?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3-38.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-chardet","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.0.4-10.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-chardet","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.0.4-10.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-coverage","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-coverage?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.1-4.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-coverage","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-coverage?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.1-4.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-docutils","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.14-12.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-docutils","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.14-12.module+el8.3.0+120+426d8baf"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-idna","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.5-7.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-idna","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.5-7.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-ipaddress","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-ipaddress?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.18-6.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-jinja2","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-jinja2?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.10-8.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-lxml","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.2.3-3.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-mock","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-mock?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.0-13.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-nose","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-nose?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.7-30.module+el8.3.0+120+426d8baf"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-pluggy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.6.0-8.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-pluggy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.6.0-8.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-psycopg2","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.5-7.el8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-psycopg2","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.5-7.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-py","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.3-6.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-py","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.3-6.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-pygments","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pygments?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.2.0-20.module+el8.3.0+120+426d8baf"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-PyMySQL","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.8.0-10.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-PyMySQL","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.8.0-10.module+el8.3.0+120+426d8baf"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-pysocks","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.8-6.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-pysocks","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.6.8-6.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-pytest-mock","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pytest-mock?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.9.0-4.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"python-setuptools_scm","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-setuptools_scm?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.15.7-6.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"pytz","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2017.2-12.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"pytz","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2017.2-12.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"PyYAML","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.12-16.module+el8.5.0+706+735ec4b3"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}},{"package":{"name":"PyYAML","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.12-16.module+el8.4.0+403+9ae17a31"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}