{"affected":[],"aliases":[],"details":"This update for python311 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780)\n- CVE-2024-5642: Removed support for anything but OpenSSL 1.1.1 or newer (bsc#1227233)\n- CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448)\n\nNon-security issues fixed:\n\n- Fixed executable bits for /usr/bin/idle* (bsc#1227378).\n- Improve python reproducible builds (bsc#1227999)\n- Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660)\n- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)\n","id":"SUSE-SU-2024:2982-1","modified":"2024-08-20T09:08:55Z","published":"2024-08-20T09:08:55Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20242982-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1225660"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226447"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226448"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227378"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227999"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228780"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-27043"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0397"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-4032"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6923"}],"related":["CVE-2023-27043","CVE-2024-0397","CVE-2024-4032","CVE-2024-6923"],"summary":"Security update for python311","upstream":["CVE-2023-27043","CVE-2024-0397","CVE-2024-4032","CVE-2024-6923"]}