SUSE-SU-2021:0048-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20210048-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:0048-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2021:0048-1
Published
2021-01-08T12:37:58Z
Modified
2021-01-08T12:37:58Z
Summary
Security update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec
Details

This update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec fixes the following issues:

  • Update to 0.6.0

    • Increase test coverage.
    • Add badges to README.
    • Test on Python 3.7 stable and 3.8-dev
    • Drop support for Python 3.4
    • No longer pass html argument to XMLParse. It has been deprecated and ignored for a long time. The DefusedXMLParser still takes a html argument. A deprecation warning is issued when the argument is False and a TypeError when it's True.
    • defusedxml now fails early when pyexpat stdlib module is not available or broken.
    • defusedxml.ElementTree.__all__ now lists ParseError as public attribute.
    • The defusedxml.ElementTree and defusedxml.cElementTree modules had a typo and used XMLParse instead of XMLParser as an alias for DefusedXMLParser. Both the old and fixed name are now available.
  • Remove superfluous devel dependency for noarch package

  • Update to 5.0

    • Add compatibility with Python 3.6
    • Drop support for Python 2.6, 3.1, 3.2, 3.3
    • Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)
  • Implement single-spec version.

  • Dummy changelog for bsc#1019074, FATE#322329

  • Add dependency on the full python (which is not pulled by setuptools anymore). Use %{pythons} macro now. (bsc#1177200)

  • Upgrade to 0.3.12:

    • Refactor classes to functions
    • Ignore Selenium
    • Move to pytest
    • Conditionally patch time.clock (removed in 3.8)
    • Patch time.time_ns added in Python 3.7
  • Do not require python2 module for building python3 module

  • Update to 0.3.11:

    • Performance improvements
    • Fix nesting time.time
    • Add nanosecond property
  • Remove superfluous devel dependency for noarch package

  • Add remove_dependency_on_mock.patch which removes dependency on python-mock for Python 3, where it is not required.

  • update to 0.3.10

    • Performance improvements
    • Coroutine support
  • update to version 0.3.9

    • If no time to be frozen, use current time
    • Fix uuid1 issues
    • Add support for python 3.6

  • update to version 0.3.8

    • Improved unpatching when importing modules after freeze_time start()
    • Add manual increment via tick method
    • Fix bug with time.localtime not being reset. Closes #112.
    • Fix test to work when current timezone is GMT-14 or GMT+14.
    • Fixed #162 - allow decorating old-style classes.
    • Add support to PyMySQL
    • Assume the default time to freeze is 'now'.
    • Register fake types in PyMySQL conversions
    • Ignore threading and Queue modules. Closes #129.
    • Lock down coverage version since new coverage doesn't support py3.2
    • Fix for py3 astimezone and not passing tz. Closes #138.
    • Add note about default arguments. Closes #140.
    • Add license info. Closes #120.

  • Update to 0.3.5
    • No upstream changelog
  • Remove unneeded freeze_hideDeps.patch

  • Use download Url as source

  • Use tarball provided by pypi

  • update to 1.5.1

    • Use poetry instead of setuptools directly
    • Fix #42: raise exception if package is missing
    • Fix version parsing for openssl-like version numbers, fixes #32
    • Add boolean static keyword to output private libraries as well
    • Raise original OSError as well
  • Add missing test dependency pkgconfig

Affected packages

SUSE:Enterprise Storage 6 / python-defusedxml

Package

Name
python-defusedxml
Purl
pkg:rpm/suse/python-defusedxml&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.0-1.5.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-isodate": "0.6.0-1.3.2",
            "python3-defusedxml": "0.6.0-1.5.1",
            "python3-xmlsec": "1.3.6-1.5.1",
            "python3-freezegun": "0.3.12-1.5.1",
            "python3-pkgconfig": "1.5.1-1.5.1",
            "python3-python3-saml": "1.9.0-1.5.2"
        }
    ]
}

SUSE:Enterprise Storage 6 / python-freezegun

Package

Name
python-freezegun
Purl
pkg:rpm/suse/python-freezegun&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.12-1.5.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-isodate": "0.6.0-1.3.2",
            "python3-defusedxml": "0.6.0-1.5.1",
            "python3-xmlsec": "1.3.6-1.5.1",
            "python3-freezegun": "0.3.12-1.5.1",
            "python3-pkgconfig": "1.5.1-1.5.1",
            "python3-python3-saml": "1.9.0-1.5.2"
        }
    ]
}

SUSE:Enterprise Storage 6 / python-isodate

Package

Name
python-isodate
Purl
pkg:rpm/suse/python-isodate&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.6.0-1.3.2

Ecosystem specific

{
    "binaries": [
        {
            "python3-isodate": "0.6.0-1.3.2",
            "python3-defusedxml": "0.6.0-1.5.1",
            "python3-xmlsec": "1.3.6-1.5.1",
            "python3-freezegun": "0.3.12-1.5.1",
            "python3-pkgconfig": "1.5.1-1.5.1",
            "python3-python3-saml": "1.9.0-1.5.2"
        }
    ]
}

SUSE:Enterprise Storage 6 / python-pkgconfig

Package

Name
python-pkgconfig
Purl
pkg:rpm/suse/python-pkgconfig&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5.1-1.5.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-isodate": "0.6.0-1.3.2",
            "python3-defusedxml": "0.6.0-1.5.1",
            "python3-xmlsec": "1.3.6-1.5.1",
            "python3-freezegun": "0.3.12-1.5.1",
            "python3-pkgconfig": "1.5.1-1.5.1",
            "python3-python3-saml": "1.9.0-1.5.2"
        }
    ]
}

SUSE:Enterprise Storage 6 / python-python3-saml

Package

Name
python-python3-saml
Purl
pkg:rpm/suse/python-python3-saml&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.9.0-1.5.2

Ecosystem specific

{
    "binaries": [
        {
            "python3-isodate": "0.6.0-1.3.2",
            "python3-defusedxml": "0.6.0-1.5.1",
            "python3-xmlsec": "1.3.6-1.5.1",
            "python3-freezegun": "0.3.12-1.5.1",
            "python3-pkgconfig": "1.5.1-1.5.1",
            "python3-python3-saml": "1.9.0-1.5.2"
        }
    ]
}

SUSE:Enterprise Storage 6 / python-xmlsec

Package

Name
python-xmlsec
Purl
pkg:rpm/suse/python-xmlsec&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.6-1.5.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-isodate": "0.6.0-1.3.2",
            "python3-defusedxml": "0.6.0-1.5.1",
            "python3-xmlsec": "1.3.6-1.5.1",
            "python3-freezegun": "0.3.12-1.5.1",
            "python3-pkgconfig": "1.5.1-1.5.1",
            "python3-python3-saml": "1.9.0-1.5.2"
        }
    ]
}