{"id":"SUSE-SU-2020:0302-1","summary":"Security update for python36","details":"This update for python36 to version 3.6.10 fixes the following issues:\n\n- CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).\n- CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955).\n- CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).\n","modified":"2026-02-04T04:39:44.509955Z","published":"2020-02-03T13:35:40Z","related":["CVE-2017-18207","CVE-2018-1000802","CVE-2018-1060","CVE-2018-20852","CVE-2019-10160","CVE-2019-15903","CVE-2019-16056","CVE-2019-5010","CVE-2019-9636","CVE-2019-9947"],"upstream":["CVE-2017-18207","CVE-2018-1000802","CVE-2018-1060","CVE-2018-20852","CVE-2019-10160","CVE-2019-15903","CVE-2019-16056","CVE-2019-5010","CVE-2019-9636","CVE-2019-9947"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20200302-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027282"},{"type":"REPORT","url":"https://bugzilla.suse.com/1029377"},{"type":"REPORT","url":"https://bugzilla.suse.com/1081750"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083507"},{"type":"REPORT","url":"https://bugzilla.suse.com/1086001"},{"type":"REPORT","url":"https://bugzilla.suse.com/1088009"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094814"},{"type":"REPORT","url":"https://bugzilla.suse.com/1109663"},{"type":"REPORT","url":"https://bugzilla.suse.com/1137942"},{"type":"REPORT","url":"https://bugzilla.suse.com/1138459"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141853"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149121"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149429"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149792"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149955"},{"type":"REPORT","url":"https://bugzilla.suse.com/1151490"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159035"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159622"},{"type":"REPORT","url":"https://bugzilla.suse.com/709442"},{"type":"REPORT","url":"https://bugzilla.suse.com/951166"},{"type":"REPORT","url":"https://bugzilla.suse.com/983582"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-18207"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1000802"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1060"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20852"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-10160"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15903"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-16056"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5010"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9636"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9947"}],"affected":[{"package":{"name":"python36","ecosystem":"SUSE:Linux Enterprise Server 12 SP5","purl":"pkg:rpm/suse/python36&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.10-4.3.5"}]}],"ecosystem_specific":{"binaries":[{"python36":"3.6.10-4.3.5","libpython3_6m1_0":"3.6.10-4.3.5","python36-base":"3.6.10-4.3.5"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0302-1.json"}},{"package":{"name":"python36-base","ecosystem":"SUSE:Linux Enterprise Server 12 SP5","purl":"pkg:rpm/suse/python36-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.10-4.3.5"}]}],"ecosystem_specific":{"binaries":[{"python36":"3.6.10-4.3.5","libpython3_6m1_0":"3.6.10-4.3.5","python36-base":"3.6.10-4.3.5"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0302-1.json"}},{"package":{"name":"python36","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","purl":"pkg:rpm/suse/python36&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.10-4.3.5"}]}],"ecosystem_specific":{"binaries":[{"python36":"3.6.10-4.3.5","libpython3_6m1_0":"3.6.10-4.3.5","python36-base":"3.6.10-4.3.5"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0302-1.json"}},{"package":{"name":"python36-base","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","purl":"pkg:rpm/suse/python36-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.10-4.3.5"}]}],"ecosystem_specific":{"binaries":[{"python36":"3.6.10-4.3.5","libpython3_6m1_0":"3.6.10-4.3.5","python36-base":"3.6.10-4.3.5"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0302-1.json"}}],"schema_version":"1.7.3"}