Bug 1208471 (CVE-2023-24329) - VUL-0: CVE-2023-24329: python,python3,python27,python36,python39,python310: blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters
Status: RESOLVED FIXED
Alias: CVE-2023-24329
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/357592/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-24329:7.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-20 07:26 UTC by Gabriele Sonnu
Modified: 2024-06-13 15:45 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Gabriele Sonnu 2023-02-20 07:26:43 UTC
CVE-2023-24329

An issue in the urllib.parse component of Python before v3.11 allows attackers
to bypass blocklisting methods by supplying a URL that starts with blank
characters.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24329
https://www.cve.org/CVERecord?id=CVE-2023-24329
https://github.com/python/cpython/pull/99421
https://pointernull.com/security/python-url-parse-problem.html
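Added example, not part of the bug report or the upstream patch: a blocklist check that trusts urllib.parse on raw input, next to a hardened check that strips leading and trailing blank characters itself and fails closed, so it gives the same answer on patched and unpatched interpreters. The host names, the scheme list and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy values for illustration; not taken from the bug report.
BLOCKED_HOSTS = {"blocked.example"}
ALLOWED_SCHEMES = {"http", "https"}

# C0 control characters (0x00-0x1F) plus space.
C0_OR_SPACE = "".join(chr(c) for c in range(0x21))


def naive_is_blocked(url):
    """Blocklist check that trusts urlsplit() on raw input.

    On an interpreter without the upstream fix, a URL with leading blank
    characters parses with an empty scheme and no hostname, so this check
    returns False for a host that is on the blocklist.
    """
    return urlsplit(url).hostname in BLOCKED_HOSTS


def check_url(url):
    """Return (allowed, reason, cleaned_url), independent of the Python version."""
    # Strip blank characters ourselves instead of relying on the parser.
    cleaned = url.strip(C0_OR_SPACE)
    # Control characters or spaces left inside the URL: refuse, do not guess.
    if any(ch in C0_OR_SPACE or ch == "\x7f" for ch in cleaned):
        return False, "control character or space inside URL", cleaned
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return False, "unparsable URL", cleaned
    scheme = parts.scheme.lower()
    # Compare hosts case-insensitively and without a trailing root dot.
    host = (parts.hostname or "").lower().rstrip(".")
    # Fail closed: an empty scheme or host is a rejection, not a pass.
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", cleaned
    if not host:
        return False, "no host", cleaned
    if host in BLOCKED_HOSTS:
        return False, "blocked host", cleaned
    return True, "ok", cleaned


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        "https://ok.example/index.html",
        "https://blocked.example/x",
        " https://blocked.example/x",
        "/relative/path",
    ]
    for raw in samples:
        print(repr(raw), check_url(raw)[:2])
```

The caller should hand the returned cleaned URL, not the raw input, to whatever performs the request, so the URL that was checked is the URL that is used.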
Comment 1 Gabriele Sonnu 2023-02-20 07:45:15 UTC
Affected packages:

- SUSE:SLE-11-SP1:Update/python                       2.6.9 
- SUSE:SLE-11-SP1:Update:TD/python27                  2.7.18
- SUSE:SLE-12:Update/python3                          3.4.10
- SUSE:SLE-12-SP1:Update/python                       2.7.18
- SUSE:SLE-12-SP3:Update:Products:TD:Update/python36  3.6.15
- SUSE:SLE-12-SP4:Update/python                       2.7.18
- SUSE:SLE-12-SP5:Update/python36                     3.6.15
- SUSE:SLE-15:Update/python                           2.7.18
- SUSE:SLE-15:Update/python36                         3.6.15
- SUSE:SLE-15-SP3:Update/python36                     3.6.15
- SUSE:SLE-15-SP3:Update/python39                     3.9.15
- SUSE:SLE-15-SP4:Update/python310                    3.10.8
- openSUSE:Factory/python                             2.7.18
- openSUSE:Factory/python310                          3.10.9
- openSUSE:Factory/python39                           3.9.16

Upstream patch:

https://github.com/python/cpython/pull/99421
Comment 2 OBSbugzilla Bot 2023-03-02 00:05:03 UTC
This is an autogenerated message for OBS integration:
This bug (1208471) was mentioned in
https://build.opensuse.org/request/show/1068563 Factory / python38
https://build.opensuse.org/request/show/1068564 Factory / python39
Comment 3 OBSbugzilla Bot 2023-03-02 11:25:04 UTC
This is an autogenerated message for OBS integration:
This bug (1208471) was mentioned in
https://build.opensuse.org/request/show/1068657 Factory / python-yarl
Comment 5 OBSbugzilla Bot 2023-03-02 16:45:02 UTC
This is an autogenerated message for OBS integration:
This bug (1208471) was mentioned in
https://build.opensuse.org/request/show/1068978 Factory / python
https://build.opensuse.org/request/show/1068979 Factory / python310
Comment 12 Maintenance Automation 2023-03-08 12:30:22 UTC
SUSE-SU-2023:0663-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1206673, 1208471
CVE References: CVE-2022-40899, CVE-2023-24329
Sources used:
SUSE OpenStack Cloud 9 (src): python3-base-3.4.10-25.108.1, python3-3.4.10-25.108.1
SUSE OpenStack Cloud Crowbar 9 (src): python3-base-3.4.10-25.108.1, python3-3.4.10-25.108.1
Web and Scripting Module 12 (src): python3-base-3.4.10-25.108.1, python3-3.4.10-25.108.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): python3-base-3.4.10-25.108.1, python3-3.4.10-25.108.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): python3-base-3.4.10-25.108.1, python3-3.4.10-25.108.1
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): python3-base-3.4.10-25.108.1, python3-3.4.10-25.108.1
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): python3-base-3.4.10-25.108.1, python3-3.4.10-25.108.1
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): python3-base-3.4.10-25.108.1, python3-3.4.10-25.108.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python3-base-3.4.10-25.108.1, python3-3.4.10-25.108.1
SUSE Linux Enterprise Server 12 SP5 (src): python3-base-3.4.10-25.108.1, python3-3.4.10-25.108.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python3-base-3.4.10-25.108.1, python3-3.4.10-25.108.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Maintenance Automation 2023-03-08 12:30:25 UTC
SUSE-SU-2023:0662-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1208471
CVE References: CVE-2023-24329
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): python36-core-3.6.15-40.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python36-core-3.6.15-40.1, python36-3.6.15-40.1
SUSE Linux Enterprise Server 12 SP5 (src): python36-core-3.6.15-40.1, python36-3.6.15-40.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python36-core-3.6.15-40.1, python36-3.6.15-40.1

Comment 15 Maintenance Automation 2023-03-10 16:30:08 UTC
SUSE-SU-2023:0707-1: An update that solves five vulnerabilities can now be installed.

Category: security (important)
Bug References: 1208471
CVE References: CVE-2015-20107, CVE-2022-37454, CVE-2022-42919, CVE-2022-45061, CVE-2023-24329
Sources used:
openSUSE Leap 15.4 (src): python39-3.9.16-150300.4.24.1, python39-core-3.9.16-150300.4.24.1, python39-documentation-3.9.16-150300.4.24.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): python39-3.9.16-150300.4.24.1, python39-core-3.9.16-150300.4.24.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): python39-3.9.16-150300.4.24.1, python39-core-3.9.16-150300.4.24.1
SUSE Linux Enterprise Real Time 15 SP3 (src): python39-3.9.16-150300.4.24.1, python39-core-3.9.16-150300.4.24.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): python39-3.9.16-150300.4.24.1, python39-core-3.9.16-150300.4.24.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): python39-3.9.16-150300.4.24.1, python39-core-3.9.16-150300.4.24.1
SUSE Manager Proxy 4.2 (src): python39-3.9.16-150300.4.24.1, python39-core-3.9.16-150300.4.24.1
SUSE Manager Retail Branch Server 4.2 (src): python39-3.9.16-150300.4.24.1, python39-core-3.9.16-150300.4.24.1
SUSE Manager Server 4.2 (src): python39-3.9.16-150300.4.24.1, python39-core-3.9.16-150300.4.24.1
SUSE Enterprise Storage 7.1 (src): python39-3.9.16-150300.4.24.1, python39-core-3.9.16-150300.4.24.1

Comment 17 Maintenance Automation 2023-03-14 16:30:07 UTC
SUSE-SU-2023:0724-1: An update that solves two vulnerabilities and has one fix can now be installed.

Category: security (important)
Bug References: 1202666, 1205244, 1208471
CVE References: CVE-2022-45061, CVE-2023-24329
Sources used:
openSUSE Leap 15.4 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1, python-doc-2.7.18-150000.48.1
SUSE Package Hub 15 15-SP4 (src): python-base-2.7.18-150000.48.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Linux Enterprise Real Time 15 SP3 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Manager Proxy 4.2 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Manager Retail Branch Server 4.2 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Manager Server 4.2 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Enterprise Storage 7.1 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE Enterprise Storage 7 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1
SUSE CaaS Platform 4.0 (src): python-base-2.7.18-150000.48.1, python-2.7.18-150000.48.1

Comment 18 Maintenance Automation 2023-03-14 20:30:02 UTC
SUSE-SU-2023:0736-1: An update that solves one vulnerability and has two fixes can now be installed.

Category: security (important)
Bug References: 1188607, 1208443, 1208471
CVE References: CVE-2023-24329
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): python3-3.6.15-150000.3.124.1, python3-core-3.6.15-150000.3.124.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): python3-3.6.15-150000.3.124.1, python3-core-3.6.15-150000.3.124.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): python3-3.6.15-150000.3.124.1, python3-core-3.6.15-150000.3.124.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): python3-3.6.15-150000.3.124.1, python3-core-3.6.15-150000.3.124.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): python3-3.6.15-150000.3.124.1, python3-core-3.6.15-150000.3.124.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): python3-3.6.15-150000.3.124.1, python3-core-3.6.15-150000.3.124.1
SUSE Enterprise Storage 7 (src): python3-3.6.15-150000.3.124.1, python3-core-3.6.15-150000.3.124.1
SUSE CaaS Platform 4.0 (src): python3-3.6.15-150000.3.124.1, python3-core-3.6.15-150000.3.124.1
SUSE Linux Enterprise Micro 5.1 (src): python3-3.6.15-150000.3.124.1, python3-core-3.6.15-150000.3.124.1

Comment 19 Maintenance Automation 2023-03-15 20:30:01 UTC
SUSE-SU-2023:0748-1: An update that solves five vulnerabilities can now be installed.

Category: security (important)
Bug References: 1208471, 831629
CVE References: CVE-2015-20107, CVE-2022-37454, CVE-2022-42919, CVE-2022-45061, CVE-2023-24329
Sources used:
openSUSE Leap 15.4 (src): python310-3.10.10-150400.4.22.1, python310-documentation-3.10.10-150400.4.22.1, python310-core-3.10.10-150400.4.22.1
Python 3 Module 15-SP4 (src): python310-3.10.10-150400.4.22.1, python310-core-3.10.10-150400.4.22.1

Comment 22 Maintenance Automation 2023-03-22 12:30:11 UTC
SUSE-SU-2023:0868-1: An update that solves one vulnerability and has one fix can now be installed.

Category: security (important)
Bug References: 1203355, 1208471
CVE References: CVE-2023-24329
Sources used:
openSUSE Leap Micro 5.3 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
openSUSE Leap 15.4 (src): python3-3.6.15-150300.10.45.1, python3-documentation-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Linux Enterprise Micro 5.3 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
Basesystem Module 15-SP4 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
Development Tools Module 15-SP4 (src): python3-core-3.6.15-150300.10.45.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Linux Enterprise Real Time 15 SP3 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Manager Proxy 4.2 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Manager Retail Branch Server 4.2 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Manager Server 4.2 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Enterprise Storage 7.1 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Linux Enterprise Micro 5.2 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1

Comment 26 Maintenance Automation 2023-04-27 16:30:26 UTC
SUSE-SU-2023:0868-2: An update that solves one vulnerability and has one fix can now be installed.

Category: security (important)
Bug References: 1203355, 1208471
CVE References: CVE-2023-24329
Sources used:
SUSE Linux Enterprise Micro for Rancher 5.4 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1
SUSE Linux Enterprise Micro 5.4 (src): python3-3.6.15-150300.10.45.1, python3-core-3.6.15-150300.10.45.1

Comment 35 OBSbugzilla Bot 2023-05-25 00:36:32 UTC
This is an autogenerated message for OBS integration:
This bug (1208471) was mentioned in
https://build.opensuse.org/request/show/1088922 Factory / python
Comment 39 OBSbugzilla Bot 2023-06-28 19:45:04 UTC
This is an autogenerated message for OBS integration:
This bug (1208471) was mentioned in
https://build.opensuse.org/request/show/1095863 Factory / python310
Comment 40 OBSbugzilla Bot 2023-06-29 11:55:05 UTC
This is an autogenerated message for OBS integration:
This bug (1208471) was mentioned in
https://build.opensuse.org/request/show/1095964 Factory / python38
Comment 42 OBSbugzilla Bot 2023-06-30 22:55:03 UTC
This is an autogenerated message for OBS integration:
This bug (1208471) was mentioned in
https://build.opensuse.org/request/show/1096213 Factory / python39
Comment 43 OBSbugzilla Bot 2023-07-03 12:15:04 UTC
This is an autogenerated message for OBS integration:
This bug (1208471) was mentioned in
https://build.opensuse.org/request/show/1096536 Factory / python311
Comment 45 Maintenance Automation 2023-07-14 10:34:11 UTC
SUSE-SU-2023:2639-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1208471
CVE References: CVE-2023-24329
Sources used:
SUSE OpenStack Cloud 9 (src): python-2.7.18-33.20.2, python-doc-2.7.18-33.20.2, python-base-2.7.18-33.20.2
SUSE OpenStack Cloud Crowbar 9 (src): python-2.7.18-33.20.2, python-doc-2.7.18-33.20.2, python-base-2.7.18-33.20.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): python-2.7.18-33.20.2, python-doc-2.7.18-33.20.2, python-base-2.7.18-33.20.2
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): python-2.7.18-33.20.2, python-doc-2.7.18-33.20.2, python-base-2.7.18-33.20.2
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): python-2.7.18-33.20.2, python-doc-2.7.18-33.20.2, python-base-2.7.18-33.20.2
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python-2.7.18-33.20.2, python-doc-2.7.18-33.20.2, python-base-2.7.18-33.20.2
SUSE Linux Enterprise Server 12 SP5 (src): python-2.7.18-33.20.2, python-doc-2.7.18-33.20.2, python-base-2.7.18-33.20.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python-2.7.18-33.20.2, python-doc-2.7.18-33.20.2, python-base-2.7.18-33.20.2
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): python-base-2.7.18-33.20.2

Comment 47 Maintenance Automation 2023-07-19 16:30:18 UTC
SUSE-SU-2023:2884-1: An update that solves two vulnerabilities and has one fix can now be installed.

Category: security (important)
Bug References: 1203750, 1208471, 1211765
CVE References: CVE-2007-4559, CVE-2023-24329
Sources used:
openSUSE Leap 15.5 (src): python310-3.10.12-150400.4.30.1, python310-documentation-3.10.12-150400.4.30.1, python310-core-3.10.12-150400.4.30.1
Python 3 Module 15-SP4 (src): python310-3.10.12-150400.4.30.1, python310-core-3.10.12-150400.4.30.1
openSUSE Leap 15.4 (src): python310-3.10.12-150400.4.30.1, python310-documentation-3.10.12-150400.4.30.1, python310-core-3.10.12-150400.4.30.1

Comment 48 Maintenance Automation 2023-07-25 08:50:00 UTC
SUSE-SU-2023:2957-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1203750, 1208471
CVE References: CVE-2007-4559, CVE-2023-24329
Sources used:
openSUSE Leap 15.4 (src): python39-core-3.9.17-150300.4.30.1, python39-3.9.17-150300.4.30.1, python39-documentation-3.9.17-150300.4.30.1
openSUSE Leap 15.5 (src): python39-core-3.9.17-150300.4.30.1, python39-3.9.17-150300.4.30.1, python39-documentation-3.9.17-150300.4.30.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): python39-core-3.9.17-150300.4.30.1, python39-3.9.17-150300.4.30.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): python39-core-3.9.17-150300.4.30.1, python39-3.9.17-150300.4.30.1
SUSE Linux Enterprise Real Time 15 SP3 (src): python39-core-3.9.17-150300.4.30.1, python39-3.9.17-150300.4.30.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): python39-core-3.9.17-150300.4.30.1, python39-3.9.17-150300.4.30.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): python39-core-3.9.17-150300.4.30.1, python39-3.9.17-150300.4.30.1
SUSE Manager Proxy 4.2 (src): python39-core-3.9.17-150300.4.30.1, python39-3.9.17-150300.4.30.1
SUSE Manager Retail Branch Server 4.2 (src): python39-core-3.9.17-150300.4.30.1, python39-3.9.17-150300.4.30.1
SUSE Manager Server 4.2 (src): python39-core-3.9.17-150300.4.30.1, python39-3.9.17-150300.4.30.1
SUSE Enterprise Storage 7.1 (src): python39-core-3.9.17-150300.4.30.1, python39-3.9.17-150300.4.30.1

Comment 49 Marcus Meissner 2023-08-02 18:06:15 UTC
done
Comment 58 Maintenance Automation 2024-02-27 12:30:27 UTC
SUSE-SU-2023:2937-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1203750, 1208471
CVE References: CVE-2007-4559, CVE-2023-24329
Sources used:
openSUSE Leap 15.4 (src): python311-3.11.4-150400.9.15.1, python311-documentation-3.11.4-150400.9.15.2, python311-core-3.11.4-150400.9.15.3
openSUSE Leap 15.5 (src): python311-3.11.4-150400.9.15.1, python311-documentation-3.11.4-150400.9.15.2, python311-core-3.11.4-150400.9.15.3
Python 3 Module 15-SP4 (src): python311-3.11.4-150400.9.15.1, python311-documentation-3.11.4-150400.9.15.2, python311-core-3.11.4-150400.9.15.3
Python 3 Module 15-SP5 (src): python311-3.11.4-150400.9.15.1, python311-documentation-3.11.4-150400.9.15.2, python311-core-3.11.4-150400.9.15.3
