Description:
Summary: The remote host is missing an update for the 'python310' package(s) announced via the SUSE-SU-2022:2291-1 advisory.
Vulnerability Insight: This update for python310 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
- Update to 3.10.5:
- Core and Builtins
- gh-93418: Fixed an assert where an f-string has an equal sign '=' following an expression, but there's no trailing brace. For example, f'{i='.
- gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner.
- gh-93061: Backward jumps after async for loops are no longer given dubious line numbers.
- gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.
- gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash.
- gh-92112: Fix crash triggered by an evil custom mro() on a metaclass.
- gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner.
- gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex.
- bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh.
- bpo-47182: Fix a crash when using a named unicode character like '\N{digit nine}' after the main interpreter has been initialized a second time.
- bpo-47117: Fix a crash if we fail to decode characters in interactive mode if the tokenizer buffers are uninitialized. Patch by Pablo Galindo.
- bpo-39829: Removed the __len__() call when initializing a list and moved initializing to list_extend. Patch by Jeremiah Pascual.
- bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so.
- The classes affected are ctypes.UnionType, pickle.PickleBuffer, testcapi.RecursingInfinitelyEr ...
Description truncated. Please see the references for more information.
Affected Software/OS: 'python310' package(s) on openSUSE Leap 15.4.
Solution: Please install the updated package(s).
CVSS Score: 8.0
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:C/A:P