SUSE-SU-2021:0048-1: moderate: Security update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Fri Jan 8 10:18:07 MST 2021
SUSE Security Update: Security update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:0048-1
Rating: moderate
References: #1019074 #1041090 #1177200
Cross-References: CVE-2017-11427
Affected Products:
SUSE Enterprise Storage 6
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for python-defusedxml, python-freezegun, python-pkgconfig,
python-python3-saml, python-xmlsec fixes the following issues:
- Update to 0.6.0
- Increase test coverage.
- Add badges to README.
- Test on Python 3.7 stable and 3.8-dev
- Drop support for Python 3.4
- No longer pass *html* argument to XMLParse. It has been deprecated and
ignored for a long time. The DefusedXMLParser still takes a html
argument. A deprecation warning is issued when the argument is False
and a TypeError when it's True.
- defusedxml now fails early when pyexpat stdlib module is not available
or broken.
- defusedxml.ElementTree.__all__ now lists ParseError as public
attribute.
- The defusedxml.ElementTree and defusedxml.cElementTree modules had a
typo and used XMLParse instead of XMLParser as an alias for
DefusedXMLParser. Both the old and fixed name are now available.
- Remove superfluous devel dependency for noarch package
- Update to 5.0
* Add compatibility with Python 3.6
* Drop support for Python 2.6, 3.1, 3.2, 3.3
* Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)
- Implement single-spec version.
- Dummy changelog for bsc#1019074, FATE#322329
- Add dependency on the full python (which is not pulled by setuptools
anymore). Use %{pythons} macro now. (bsc#1177200)
- Upgrade to 0.3.12:
* Refactor classes to functions
* Ignore Selenium
* Move to pytest
* Conditionally patch time.clock (removed in 3.8)
* Patch time.time_ns added in Python 3.7
- Do not require python2 module for building python3 module
- Update to 0.3.11:
* Performance improvements
* Fix nesting time.time
* Add nanosecond property
- Remove superfluous devel dependency for noarch package
- Add remove_dependency_on_mock.patch which removes dependency on
python-mock for Python 3, where it is not required.
- update to 0.3.10
* Performance improvements
* Coroutine support
- update to version 0.3.9
* If no time to be frozen, use current time
* Fix uuid1 issues
* Add support for python 3.6
update to version 0.3.8
* Improved unpatching when importing modules after freeze_time start()
* Add manual increment via tick method
* Fix bug with time.localtime not being reset. Closes #112.
* Fix test to work when current timezone is GMT-14 or GMT+14.
* Fixed #162 - allow decorating old-style classes.
* Add support to PyMySQL
* Assume the default time to freeze is "now".
* Register fake types in PyMySQL conversions
* Ignore threading and Queue modules. Closes #129.
* Lock down coverage version since new coverage doesnt support py3.2
* Fix or py3 astimezone and not passing tz. Closes #138.
* Add note about deafult arguments. Closes #140.
* Add license info. Closes #120.
- Update to 0.3.5
* No upstream changelog
- Remove unneeded freeze_hideDeps.patch
- Use download Url as source
- Use tarball provided by pypi
- update to 1.5.1
* Use poetry instead of setuptools directly
* Fix #42: raise exception if package is missing
* Fix version parsing for openssl-like version numbers, fixes #32
* Add boolean static keyword to output private libraries as well
* Raise original OSError as well
- Add missing test dependency pkgconfig
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2021-48=1
Package List:
- SUSE Enterprise Storage 6 (aarch64 x86_64):
python3-xmlsec-1.3.6-1.5.1
python3-xmlsec-debuginfo-1.3.6-1.5.1
- SUSE Enterprise Storage 6 (noarch):
python3-defusedxml-0.6.0-1.5.1
python3-freezegun-0.3.12-1.5.1
python3-isodate-0.6.0-1.3.2
python3-pkgconfig-1.5.1-1.5.1
python3-python3-saml-1.9.0-1.5.2
References:
https://www.suse.com/security/cve/CVE-2017-11427.html
https://bugzilla.suse.com/1019074
https://bugzilla.suse.com/1041090
https://bugzilla.suse.com/1177200
More information about the sle-updates
mailing list