csaf_suse - suse-su-2025:02074-1

suse-su-2025:02074-1

Vulnerability from csaf_suse

Published

2025-06-24 07:26

Modified

2025-06-24 07:26

Summary

Security update for python313

Notes

Title of the patch

Security update for python313

Description of the patch

This update for python313 fixes the following issues: Update to version 3.13.5. Security issues fixed: - CVE-2025-4517: arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2025-4330: extraction filter bypass for linking outside extraction directory (bsc#1244060) - CVE-2025-4138: may allow symlink targets to point outside the destination directory, and the modification of some file metadata. (bsc#1244059) - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse (bsc#1236705). - CVE-2024-12718: bypass extraction filter to modify file metadata outside extraction directory (bsc#1244056) - CVE-2024-12254: memory exhaustion due to unbounded memory buffering in `SelectorSocketTransport.writelines()` (bsc#1234290). Other changes and issues fixed: Changes from 3.13.5: - Tests - gh-135120: Add test.support.subTests(). - Library - gh-133967: Do not normalize locale name ‘C.UTF-8’ to ‘en_US.UTF-8’. - gh-135326: Restore support of integer-like objects with __index__() in random.getrandbits(). - gh-135321: Raise a correct exception for values greater than 0x7fffffff for the BINSTRING opcode in the C implementation of pickle. - gh-135276: Backported bugfixes in zipfile.Path from zipp 3.23. Fixed .name, .stem and other basename-based properties on Windows when working with a zipfile on disk. - gh-134151: email: Fix TypeError in email.utils.decode_params() when sorting RFC 2231 continuations that contain an unnumbered section. - gh-134152: email: Fix parsing of email message ID with invalid domain. - gh-127081: Fix libc thread safety issues with os by replacing getlogin with getlogin_r re-entrant version. - gh-131884: Fix formatting issues in json.dump() when both indent and skipkeys are used. - Core and Builtins - gh-135171: Roll back changes to generator and list comprehensions that went into 3.13.4 to fix gh-127682, but which involved semantic and bytecode changes not appropriate for a bugfix release. - C API - gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and Py_RETURN_FALSE macros in the limited C API 3.11 and older: don’t treat Py_None, Py_True and Py_False as immortal. Patch by Victor Stinner. - gh-134989: Implement PyObject_DelAttr() and PyObject_DelAttrString() as macros in the limited C API 3.12 and older. Patch by Victor Stinner. Changes from 3.13.4: - Security - gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter='data' and filter='tar') to be bypassed using crafted symlinks and hard links. Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 (bsc#1244059), CVE-2025-4330 (bsc#1244060), and CVE-2025-4517 (bsc#1244032). - gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler (CVE-2025-4516, bsc#1243273). - gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. - Library - gh-134718: ast.dump() now only omits None and [] values if they are default values. - gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address. - gh-134696: Built-in HACL* and OpenSSL implementations of hash function constructors now correctly accept the same documented named arguments. For instance, md5() could be previously invoked as md5(data=data) or md5(string=string) depending on the underlying implementation but these calls were not compatible. Patch by Bénédikt Tran. - gh-134210: curses.window.getch() now correctly handles signals. Patch by Bénédikt Tran. - gh-80334: multiprocessing.freeze_support() now checks for work on any “spawn” start method platform rather than only on Windows. - gh-114177: Fix asyncio to not close subprocess pipes which would otherwise error out when the event loop is already closed. - gh-134152: Fixed UnboundLocalError that could occur during email header parsing if an expected trailing delimiter is missing in some contexts. - gh-62184: Remove import of C implementation of io.FileIO from Python implementation which has its own implementation - gh-133982: Emit RuntimeWarning in the Python implementation of io when the file-like object is not closed explicitly in the presence of multiple I/O layers. - gh-133890: The tarfile module now handles UnicodeEncodeError in the same way as OSError when cannot extract a member. - gh-134097: Fix interaction of the new REPL and -X showrefcount command line option. - gh-133889: The generated directory listing page in http.server.SimpleHTTPRequestHandler now only shows the decoded path component of the requested URL, and not the query and fragment. - gh-134098: Fix handling paths that end with a percent-encoded slash (%2f or %2F) in http.server.SimpleHTTPRequestHandler. - gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and IPv6Network objects. - gh-133745: In 3.13.3 we accidentally changed the signature of the asyncio create_task() family of methods and how it calls a custom task factory in a backwards incompatible way. Since some 3rd party libraries have already made changes to work around the issue that might break if we simply reverted the changes, we’re instead changing things to be backwards compatible with 3.13.2 while still supporting those workarounds for 3.13.3. In particular, the special-casing of name and context is back (until 3.14) and consequently eager tasks may still find that their name hasn’t been set before they execute their first yielding await. - gh-71253: Raise ValueError in open() if opener returns a negative file-descriptor in the Python implementation of io to match the C implementation. - gh-77057: Fix handling of invalid markup declarations in html.parser.HTMLParser. - gh-133489: random.getrandbits() can now generate more that 231 bits. random.randbytes() can now generate more that 256 MiB. - gh-133290: Fix attribute caching issue when setting ctypes._Pointer._type_ in the undocumented and deprecated ctypes.SetPointerType() function and the undocumented set_type() method. - gh-132876: ldexp() on Windows doesn’t round subnormal results before Windows 11, but should. Python’s math.ldexp() wrapper now does round them, so results may change slightly, in rare cases of very small results, on Windows versions before 11. - gh-133089: Use original timeout value for subprocess.TimeoutExpired when the func subprocess.run() is called with a timeout instead of sometimes a confusing partial remaining time out value used internally on the final wait(). - gh-133009: xml.etree.ElementTree: Fix a crash in Element.__deepcopy__ when the element is concurrently mutated. Patch by Bénédikt Tran. - gh-132995: Bump the version of pip bundled in ensurepip to version 25.1.1 - gh-132017: Fix error when pyrepl is suspended, then resumed and terminated. - gh-132673: Fix a crash when using _align_ = 0 and _fields_ = [] in a ctypes.Structure. - gh-132527: Include the valid typecode ‘w’ in the error message when an invalid typecode is passed to array.array. - gh-132439: Fix PyREPL on Windows: characters entered via AltGr are swallowed. Patch by Chris Eibl. - gh-132429: Fix support of Bluetooth sockets on NetBSD and DragonFly BSD. - gh-132106: QueueListener.start now raises a RuntimeError if the listener is already started. - gh-132417: Fix a NULL pointer dereference when a C function called using ctypes with restype py_object returns NULL. - gh-132385: Fix instance error suggestions trigger potential exceptions in object.__getattr__() in traceback. - gh-132308: A traceback.TracebackException now correctly renders the __context__ and __cause__ attributes from falsey Exception, and the exceptions attribute from falsey ExceptionGroup. - gh-132250: Fixed the SystemError in cProfile when locating the actual C function of a method raises an exception. - gh-132063: Prevent exceptions that evaluate as falsey (namely, when their __bool__ method returns False or their __len__ method returns 0) from being ignored by concurrent.futures.ProcessPoolExecutor and concurrent.futures.ThreadPoolExecutor. - gh-119605: Respect follow_wrapped for __init__() and __new__() methods when getting the class signature for a class with inspect.signature(). Preserve class signature after wrapping with warnings.deprecated(). Patch by Xuehai Pan. - gh-91555: Ignore log messages generated during handling of log messages, to avoid deadlock or infinite recursion. - gh-131434: Improve error reporting for incorrect format in time.strptime(). - gh-131127: Systems using LibreSSL now successfully build. - gh-130999: Avoid exiting the new REPL and offer suggestions even if there are non-string candidates when errors occur. - gh-130941: Fix configparser.ConfigParser parsing empty interpolation with allow_no_value set to True. - gh-129098: Fix REPL traceback reporting when using compile() with an inexisting file. Patch by Bénédikt Tran. - gh-130631: http.cookiejar.join_header_words() is now more similar to the original Perl version. It now quotes the same set of characters and always quote values that end with '\n'. - gh-129719: Fix missing socket.CAN_RAW_ERR_FILTER constant in the socket module on Linux systems. It was missing since Python 3.11. - gh-124096: Turn on virtual terminal mode and enable bracketed paste in REPL on Windows console. (If the terminal does not support bracketed paste, enabling it does nothing.) - gh-122559: Remove __reduce__() and __reduce_ex__() methods that always raise TypeError in the C implementation of io.FileIO, io.BufferedReader, io.BufferedWriter and io.BufferedRandom and replace them with default __getstate__() methods that raise TypeError. This restores fine details of behavior of Python 3.11 and older versions. - gh-122179: hashlib.file_digest() now raises BlockingIOError when no data is available during non-blocking I/O. Before, it added spurious null bytes to the digest. - gh-86155: html.parser.HTMLParser.close() no longer loses data when the <script> tag is not closed. Patch by Waylan Limberg. - gh-69426: Fix html.parser.HTMLParser to not unescape character entities in attribute values if they are followed by an ASCII alphanumeric or an equals sign. - bpo-44172: Keep a reference to original curses windows in subwindows so that the original window does not get deleted before subwindows. - Tests - gh-133744: Fix multiprocessing interrupt test. Add an event to synchronize the parent process with the child process: wait until the child process starts sleeping. Patch by Victor Stinner. - gh-133639: Fix TestPyReplAutoindent.test_auto_indent_default() doesn’t run input_code. - gh-133131: The iOS testbed will now select the most recently released “SE-class” device for testing if a device isn’t explicitly specified. - gh-109981: The test helper that counts the list of open file descriptors now uses the optimised /dev/fd approach on all Apple platforms, not just macOS. This avoids crashes caused by guarded file descriptors. - IDLE - gh-112936: fix IDLE: no Shell menu item in single-process mode. - Documentation - gh-107006: Move documentation and example code for threading.local from its docstring to the official docs. - Core and Builtins - gh-134908: Fix crash when iterating over lines in a text file on the free threaded build. - gh-127682: No longer call __iter__ twice in list comprehensions. This brings the behavior of list comprehensions in line with other forms of iteration - gh-134381: Fix RuntimeError when using a not-started threading.Thread after calling os.fork() - gh-128066: Fixes an edge case where PyREPL improperly threw an error when Python is invoked on a read only filesystem while trying to write history file entries. - gh-134100: Fix a use-after-free bug that occurs when an imported module isn’t in sys.modules after its initial import. Patch by Nico-Posada. - gh-133703: Fix hashtable in dict can be bigger than intended in some situations. - gh-132869: Fix crash in the free threading build when accessing an object attribute that may be concurrently inserted or deleted. - gh-132762: fromkeys() no longer loops forever when adding a small set of keys to a large base dict. Patch by Angela Liss. - gh-133543: Fix a possible memory leak that could occur when directly accessing instance dictionaries (__dict__) that later become part of a reference cycle. - gh-133516: Raise ValueError when constants True, False or None are used as an identifier after NFKC normalization. - gh-133441: Fix crash upon setting an attribute with a dict subclass. Patch by Victor Stinner. - gh-132942: Fix two races in the type lookup cache. This affected the free-threaded build and could cause crashes (apparently quite difficult to trigger). - gh-132713: Fix repr(list) race condition: hold a strong reference to the item while calling repr(item). Patch by Victor Stinner. - gh-132747: Fix a crash when calling __get__() of a method with a None second argument. - gh-132542: Update Thread.native_id after fork(2) to ensure accuracy. Patch by Noam Cohen. - gh-124476: Fix decoding from the locale encoding in the C.UTF-8 locale. - gh-131927: Compiler warnings originating from the same module and line number are now only emitted once, matching the behaviour of warnings emitted from user code. This can also be configured with warnings filters. - gh-127682: No longer call __iter__ twice when creating and executing a generator expression. Creating a generator expression from a non-interable will raise only when the generator expression is executed. This brings the behavior of generator expressions in line with other generators. - gh-131878: Handle uncaught exceptions in the main input loop for the new REPL. - gh-131878: Fix support of unicode characters with two or more codepoints on Windows in the new REPL. - gh-130804: Fix support of unicode characters on Windows in the new REPL. - gh-130070: Fixed an assertion error for exec() passed a string source and a non-None closure. Patch by Bartosz Sławecki. - gh-129958: Fix a bug that was allowing newlines inconsitently in format specifiers for single-quoted f-strings. Patch by Pablo Galindo. - C API - gh-132909: Fix an overflow when handling the K format in Py_BuildValue(). Patch by Bénédikt Tran. - Changes from version 3.13.3 - Tools/Demos - gh-131852: msgfmt no longer adds the POT-Creation-Date to generated .mo files for consistency with GNU msgfmt. - gh-85012: Correctly reset msgctxt when compiling messages in msgfmt. - gh-130025: The iOS testbed now correctly handles symlinks used as Python framework references. - Tests - gh-131050: test_ssl.test_dh_params is skipped if the underlying TLS library does not support finite-field ephemeral Diffie-Hellman. - gh-129200: Multiple iOS testbed runners can now be started at the same time without introducing an ambiguity over simulator ownership. - gh-130292: The iOS testbed will now run successfully on a machine that has not previously run Xcode tests (such as CI configurations). - gh-130293: The tests of terminal colorization are no longer sensitive to the value of the TERM variable in the testing environment. - gh-126332: Add unit tests for pyrepl. - Security - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-127371: Avoid unbounded buffering for tempfile.SpooledTemporaryFile.writelines(). Previously, disk spillover was only checked after the lines iterator had been exhausted. This is now done after each line is written. - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - Library - gh-132174: Fix function name in error message of _interpreters.run_string. - gh-132171: Fix crash of _interpreters.run_string on string subclasses. - gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN environment variable knob in subprocess to control the use of os.posix_spawn(). - gh-132159: Do not shadow user arguments in generated __new__() by decorator warnings.deprecated. Patch by Xuehai Pan. - gh-132075: Fix possible use of socket address structures with uninitialized members. Now all structure members are initialized with zeroes by default. - gh-132002: Fix crash when deallocating contextvars.ContextVar with weird unahashable string names. - gh-131668: socket: Fix code parsing AF_BLUETOOTH socket addresses. - gh-131492: Fix a resource leak when constructing a gzip.GzipFile with a filename fails, for example when passing an invalid compresslevel. - gh-131325: Fix sendfile fallback implementation to drain data after writing to transport in asyncio. - gh-129843: Fix incorrect argument passing in warnings.warn_explicit(). - gh-131204: Use monospace font from System Font Stack for cross-platform support in difflib.HtmlDiff. - gh-130940: The PyConfig.use_system_logger attribute, introduced in Python 3.13.2, has been removed. The introduction of this attribute inadvertently introduced an ABI breakage on macOS and iOS. The use of the system logger is now enabled by default on iOS, and disabled by default on macOS. - gh-131045: Fix issue with __contains__, values, and pseudo-members for enum.Flag. - gh-130959: Fix pure-Python implementation of datetime.time.fromisoformat() to reject times with spaces in fractional part (for example, 12:34:56.400 +02:00), matching the C implementation. Patch by Michał Gorny. - gh-130637: Add validation for numeric response data in poplib.POP3.stat() method - gh-130461: Remove .. index:: directives from the uuid module documentation. These directives previously created entries in the general index for getnode() as well as the uuid1(), uuid3(), uuid4(), and uuid5() constructor functions. - gh-130379: The zipapp module now calculates the list of files to be added to the archive before creating the archive. This avoids accidentally including the target when it is being created in the source directory. - gh-130285: Fix corner case for random.sample() allowing the counts parameter to specify an empty population. So now, sample([], 0, counts=[]) and sample('abc', k=0, counts=[0, 0, 0]) both give the same result as sample([], 0). - gh-130250: Fix regression in traceback.print_last(). - gh-130230: Fix crash in pow() with only Decimal third argument. - gh-118761: Reverts a change in the previous release attempting to make some stdlib imports used within the subprocess module lazy as this was causing errors during __del__ finalizers calling methods such as terminate, or kill, or send_signal. - gh-130164: Fixed failure to raise TypeError in inspect.Signature.bind() for positional-only arguments provided by keyword when a variadic keyword argument (e.g. --kwargs) is present. - gh-130151: Fix reference leaks in _hashlib.hmac_new() and _hashlib.hmac_digest(). Patch by Bénédikt Tran. - gh-130145: Fix asyncio.AbstractEventloop.run_forever() when another loop is already running. - gh-129726: Fix gzip.GzipFile raising an unraisable exception during garbage collection when referring to a temporary object by breaking the reference loop with weakref. - gh-127750: Remove broken functools.singledispatchmethod() caching introduced in gh-85160. - gh-129583: Update bundled pip to 25.0.1 - gh-97850: Update the deprecation warning of importlib.abc.Loader.load_module(). - gh-129646: Update the locale alias mapping in the locale module to match the latest X Org locale alias mapping and support new locales in Glibc 2.41. - gh-129603: Fix bugs where sqlite3.Row objects could segfault if their inherited description was set to None. Patch by Erlend Aasland. - gh-128231: Execution of multiple statements in the new REPL now stops immediately upon the first exception encountered. Patch by Bartosz Sławecki. - gh-117779: Fix reading duplicated entries in zipfile by name. Reading duplicated entries (except the last one) by ZipInfo now emits a warning instead of raising an exception. - gh-128772: Fix pydoc for methods with the __module__ attribute equal to None. - gh-92897: Scheduled the deprecation of the check_home argument of sysconfig.is_python_build() to Python 3.15. - gh-128657: Fix possible extra reference when using objects returned by hashlib.sha256() under free threading. - gh-128703: Fix mimetypes.guess_type() to use default mapping for empty Content-Type in registry. - gh-128308: Support the name keyword argument for eager tasks in asyncio.loop.create_task(), asyncio.create_task() and asyncio.TaskGroup.create_task(), by passing on all kwargs to the task factory set by asyncio.loop.set_task_factory(). - gh-128388: Fix PyREPL on Windows to support more keybindings, like the Control-← and Control-→ word-skipping keybindings and those with meta (i.e. Alt), e.g. Alt-d to kill-word or Alt-Backspace backward-kill-word. - gh-126037: xml.etree.ElementTree: Fix a crash in Element.find, Element.findtext and Element.findall when the tag to find implements an __eq__() method mutating the element being queried. Patch by Bénédikt Tran. - gh-127712: Fix handling of the secure argument of logging.handlers.SMTPHandler. - gh-126033: xml.etree.ElementTree: Fix a crash in Element.remove when the element is concurrently mutated. Patch by Bénédikt Tran. - gh-118201: Fixed intermittent failures of os.confstr, os.pathconf and os.sysconf on iOS and Android. - gh-124927: Non-printing characters are now properly handled in the new REPL. - IDLE - gh-129873: Simplify displaying the IDLE doc by only copying the text section of idle.html to idlelib/help.html. Patch by Stan Ulbrych. - Documentation - gh-131417: Mention asyncio.Future and asyncio.Task in generic classes list. - gh-125722: Require Sphinx 8.2.0 or later to build the Python documentation. Patch by Adam Turner. - gh-129712: The wheel tags supported by each macOS universal SDK option are now documented. - gh-46236: C API: Document PyUnicode_RSplit(), PyUnicode_Partition() and PyUnicode_RPartition(). - Core and Builtins - gh-132011: Fix crash when calling list.append() as an unbound method. - gh-131998: Fix a crash when using an unbound method descriptor object in a function where a bound method descriptor was used. - gh-131988: Fix a performance regression that caused scaling bottlenecks in the free threaded build in 3.13.1 and 3.13.2. - gh-131719: Fix missing NULL check in _PyMem_FreeDelayed in free-threaded build. - gh-131670: Fix anext() failing on sync __anext__() raising an exception. - gh-131141: Fix data race in sys.monitoring instrumentation while registering callback. - gh-130932: Fix incorrect exception handling in _PyModule_IsPossiblyShadowing - gh-130851: Fix a crash in the free threading build when constructing a code object with co_consts that contains instances of types that are not otherwise generated by the bytecode compiler. - gh-130794: Fix memory leak in the free threaded build when resizing a shared list or dictionary from multiple short-lived threads. - gh-130775: Do not crash on negative column and end_column in ast locations. - gh-130382: Fix PyRefTracer_DESTROY not being sent from Python/ceval.c Py_DECREF(). - gh-130618: Fix a bug that was causing UnicodeDecodeError or SystemError to be raised when using f-strings with lambda expressions with non-ASCII characters. Patch by Pablo Galindo - gh-130163: Fix possible crashes related to concurrent change and use of the sys module attributes. - gh-88887: Fixing multiprocessing Resource Tracker process leaking, usually observed when running Python as PID 1. - gh-130115: Fix an issue with thread identifiers being sign-extended on some platforms. - gh-128396: Fix a crash that occurs when calling locals() inside an inline comprehension that uses the same local variable as the outer frame scope where the variable is a free or cell var. - gh-116042: Fix location for SyntaxErrors of invalid escapes in the tokenizer. Patch by Pablo Galindo - gh-129983: Fix data race in compile_template in sre.c. - gh-129967: Fix a race condition in the free threading build when repr(set) is called concurrently with set.clear(). - gh-129900: Fix return codes inside SystemExit not getting returned by the REPL. - gh-129732: Fixed a race in _Py_qsbr_reserve in the free threading build. - gh-129643: Fix thread safety of PyList_Insert() in free-threading builds. - gh-129668: Fix race condition when raising MemoryError in the free threaded build. - gh-129643: Fix thread safety of PyList_SetItem() in free-threading builds. Patch by Kumar Aditya. - gh-128714: Fix the potential races in get/set dunder methods __annotations__, __annotate__ and __type_params__ for function object, and add related tests. - gh-128632: Disallow __classdict__ as the name of a type parameter. Using this name would previously crash the interpreter in some circumstances. - gh-127953: The time to handle a LINE event in sys.monitoring (and sys.settrace) is now independent of the number of lines in the code object. - gh-125331: from __future__ import barry_as_FLUFL now works in more contexts, including when it is used in files, with the -c flag, and in the REPL when there are multiple statements on the same line. Previously, it worked only on subsequent lines in the REPL, and when the appropriate flags were passed directly to compile(). Patch by Pablo Galindo. - C API - gh-131740: Update PyUnstable_GC_VisitObjects to traverse perm gen. - gh-129533: Update PyGC_Enable(), PyGC_Disable(), PyGC_IsEnabled() to use atomic operation for thread-safety at free-threading build. Patch by Donghee Na. - Build - gh-131865: The DTrace build now properly passes the CC and CFLAGS variables to the dtrace command when utilizing SystemTap on Linux. - gh-131675: Fix mimalloc library builds for 32-bit ARM targets. - gh-130673: Fix potential KeyError when handling object sections during JIT building process. - gh-130740: Ensure that Python.h is included before stdbool.h unless pyconfig.h is included before or in some platform-specific contexts. - gh-129838: Don’t redefine _Py_NO_SANITIZE_UNDEFINED when compiling with a recent GCC version and undefined sanitizer enabled. - gh-129660: Drop test_embed from PGO training, whose contribution in recent versions is considered to be ignorable. - Changes from version 3.13.2: - Tools/Demos - gh-128152: Fix a bug where Argument Clinic’s C pre-processor parser tried to parse pre-processor directives inside C comments. Patch by Erlend Aasland. - Tests - gh-127906: Test the limited C API in test_cppext. Patch by Victor Stinner. - gh-127637: Add tests for the dis command-line interface. Patch by Bénédikt Tran. - gh-126925: iOS test results are now streamed during test execution, and the deprecated xcresulttool is no longer used. - Security - gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2. (CVE-2025-0938, bsc#1236705) - gh-127655: Fixed the asyncio.selector_events._SelectorSocketTransport transport not pausing writes for the protocol when the buffer reaches the high water mark when using asyncio.WriteTransport.writelines() (CVE-2024-12254, bsc#1234290). - gh-126108: Fix a possible NULL pointer dereference in PySys_AddWarnOptionUnicode(). - gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed. - gh-119511: Fix a potential denial of service in the imaplib module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. On many systems this is harmless as unused virtual memory is only a mapping, but if this hit a virtual address size limit it could lead to a MemoryError or other process crash. On unusual systems or builds where all allocated memory is touched and backed by actual ram or storage it could’ve consumed resources doing so until similarly crashing. - Library - gh-129502: Unlikely errors in preparing arguments for ctypes callback are now handled in the same way as errors raised in the callback of in converting the result of the callback – using sys.unraisablehook() instead of sys.excepthook() and not setting sys.last_exc and other variables. - gh-129403: Corrected ValueError message for asyncio.Barrier and threading.Barrier. - gh-129409: Fix an integer overflow in the csv module when writing a data field larger than 2GB. - gh-118761: Improve import time of subprocess by lazy importing locale and signal. Patch by Taneli Hukkinen. - gh-129346: In sqlite3, handle out-of-memory when creating user-defined SQL functions. - gh-129061: Fix FORCE_COLOR and NO_COLOR when empty strings. Patch by Hugo van Kemenade. - gh-128550: Removed an incorrect optimization relating to eager tasks in asyncio.TaskGroup that resulted in cancellations being missed. - gh-128991: Release the enter frame reference within bdb callback - gh-128978: Fix a NameError in sysconfig.expand_makefile_vars(). Patch by Bénédikt Tran. - gh-128961: Fix a crash when setting state on an exhausted array.array iterator. - gh-128894: Fix traceback.TracebackException._format_syntax_error not to fail on exceptions with custom metadata. - gh-128916: Do not attempt to set SO_REUSEPORT on sockets of address families other than AF_INET and AF_INET6, as it is meaningless with these address families, and the call with fail with Linux kernel 6.12.9 and newer. - gh-128679: Fix tracemalloc.stop() race condition. Fix tracemalloc to support calling tracemalloc.stop() in one thread, while another thread is tracing memory allocations. Patch by Victor Stinner. - gh-128636: Fix PyREPL failure when os.environ is overwritten with an invalid value. - gh-128562: Fix possible conflicts in generated tkinter widget names if the widget class name ends with a digit. - gh-128498: Default to stdout isatty for color detection instead of stderr. Patch by Hugo van Kemenade. - gh-128552: Fix cyclic garbage introduced by asyncio.loop.create_task() and asyncio.TaskGroup.create_task() holding a reference to the created task if it is eager. - gh-128479: Fix asyncio.staggered.staggered_race() leaking tasks and issuing an unhandled exception. - gh-128400: Fix crash when using faulthandler.dump_traceback() while other threads are active on the free threaded build. - gh-88834: Unify the instance check for typing.Union and types.UnionType: Union now uses the instance checks against its parameters instead of the subclass checks. - gh-128302: Fix xml.dom.xmlbuilder.DOMEntityResolver.resolveEntity(), which was broken by the Python 3.0 transition. - gh-128302: Allow xml.dom.xmlbuilder.DOMParser.parse() to correctly handle xml.dom.xmlbuilder.DOMInputSource instances that only have a systemId attribute set. - gh-112064: Fix incorrect handling of negative read sizes in HTTPResponse.read. Patch by Yury Manushkin. - gh-58956: Fixed a frame reference leak in bdb. - gh-128131: Completely support random access of uncompressed unencrypted read-only zip files obtained by ZipFile.open. - gh-112328: enum.EnumDict can now be used without resorting to private API. - gh-127975: Avoid reusing quote types in ast.unparse() if not needed. - gh-128062: Revert the font of turtledemo’s menu bar to its default value and display the shortcut keys in the correct position. - gh-128014: Fix resetting the default window icon by passing default='' to the tkinter method wm_iconbitmap(). - gh-115514: Fix exceptions and incomplete writes after asyncio._SelectorTransport is closed before writes are completed. - gh-41872: Fix quick extraction of module docstrings from a file in pydoc. It now supports docstrings with single quotes, escape sequences, raw string literals, and other Python syntax. - gh-127060: Set TERM environment variable to “dumb” to disable traceback colors in IDLE, since IDLE doesn’t understand ANSI escape sequences. Patch by Victor Stinner. - gh-126742: Fix support of localized error messages reported by dlerror(3) and gdbm_strerror in ctypes and dbm.gnu functions respectively. Patch by Bénédikt Tran. - gh-127873: When -E is set, only ignore PYTHON_COLORS and not FORCE_COLOR/NO_COLOR/TERM when colourising output. Patch by Hugo van Kemenade. - gh-127870: Detect recursive calls in ctypes _as_parameter_ handling. Patch by Victor Stinner. - gh-127847: Fix the position when doing interleaved seeks and reads in uncompressed, unencrypted zip files returned by zipfile.ZipFile.open(). - gh-127732: The platform module now correctly detects Windows Server 2025. - gh-126821: macOS and iOS apps can now choose to redirect stdout and stderr to the system log during interpreter configuration. - gh-93312: Include <sys/pidfd.h> to get os.PIDFD_NONBLOCK constant. Patch by Victor Stinner. - gh-83662: Add missing __class_getitem__ method to the Python implementation of functools.partial(), to make it compatible with the C version. This is mainly relevant for alternative Python implementations like PyPy and GraalPy, because CPython will usually use the C-implementation of that function. - gh-127586: multiprocessing.pool.Pool now properly restores blocked signal handlers of the parent thread when creating processes via either spawn or forkserver. - gh-98188: Fix an issue in email.message.Message.get_payload() where data cannot be decoded if the Content Transfer Encoding mechanism contains trailing whitespaces or additional junk text. Patch by Hui Liu. - gh-127257: In ssl, system call failures that OpenSSL reports using ERR_LIB_SYS are now raised as OSError. - gh-127096: Do not recreate unnamed section on every read in configparser.ConfigParser. Patch by Andrey Efremov. - gh-127196: Fix crash when dict with keys in invalid encoding were passed to several functions in _interpreters module. - gh-126775: Make linecache.checkcache() thread safe and GC re-entrancy safe. - gh-126332: Fix _pyrepl crash when entering a double CTRL-Z on an overflowing line. - gh-126225: getopt and optparse are no longer marked as deprecated. There are legitimate reasons to use one of these modules in preference to argparse, and none of these modules are at risk of being removed from the standard library. Of the three, argparse remains the recommended default choice, unless one of the concerns noted at the top of the optparse module documentation applies. - gh-125553: Fix round-trip invariance for backslash continuations in tokenize.untokenize(). - gh-123987: Fixed issue in NamespaceReader where a non-path item in a namespace path, such as a sentinel added by an editable installer, would break resource loading. - gh-123401: The http.cookies module now supports parsing obsolete RFC 850 date formats, in accordance with RFC 9110 requirements. Patch by Nano Zheng. - gh-122431: readline.append_history_file() now raises a ValueError when given a negative value. - gh-119257: Show tab completions menu below the current line, which results in less janky behaviour, and fixes a cursor movement bug. Patch by Daniel Hollas - Documentation - gh-125722: Require Sphinx 8.1.3 or later to build the Python documentation. Patch by Adam Turner. - gh-67206: Document that string.printable is not printable in the POSIX sense. In particular, string.printable.isprintable() returns False. Patch by Bénédikt Tran. - Core and Builtins - gh-129345: Fix null pointer dereference in syslog.openlog() when an audit hook raises an exception. - gh-129093: Fix f-strings such as f'{expr=}' sometimes not displaying the full expression when the expression contains !=. - gh-124363: Treat debug expressions in f-string as raw strings. Patch by Pablo Galindo - gh-128799: Add frame of except* to traceback when it wraps a naked exception. - gh-128078: Fix a SystemError when using anext() with a default tuple value. Patch by Bénédikt Tran. - gh-128717: Fix a crash when setting the recursion limit while other threads are active on the free threaded build. - gh-128330: Restore terminal control characters on REPL exit. - gh-128079: Fix a bug where except* does not properly check the return value of an ExceptionGroup’s split() function, leading to a crash in some cases. Now when split() returns an invalid object, except* raises a TypeError with the original raised ExceptionGroup object chained to it. - gh-128030: Avoid error from calling PyModule_GetFilenameObject on a non-module object when importing a non-existent symbol from a non-module object. - gh-127903: Objects/unicodeobject.c: fix a crash on DEBUG builds in _copy_characters when there is nothing to copy. - gh-127599: Fix statistics for increments of object reference counts (in particular, when a reference count was increased by more than 1 in a single operation). - gh-127651: When raising ImportError for missing symbols in from imports, use __file__ in the error message if __spec__.origin is not a location - gh-127582: Fix non-thread-safe object resurrection when calling finalizers and watcher callbacks in the free threading build. - gh-127434: The iOS compiler shims can now accept arguments with spaces. - gh-127536: Add missing locks around some list assignment operations in the free threading build. - gh-126862: Fix a possible overflow when a class inherits from an absurd number of super-classes. Reported by Valery Fedorenko. Patch by Bénédikt Tran. - gh-127349: Fixed the error when resizing terminal in Python REPL. Patch by Semyon Moroz. - gh-126076: Relocated objects such as tuple, bytes and str objects are properly tracked by tracemalloc and its associated hooks. Patch by Pablo Galindo. - C API - gh-127791: Fix loss of callbacks after more than one call to PyUnstable_AtExit(). - Build - gh-129539: Don’t redefine EX_OK when the system has the sysexits.h header. - gh-128472: Skip BOLT optimization of functions using computed gotos, fixing errors on build with LLVM 19. - gh-123925: Fix building the curses module on platforms with libncurses but without libncursesw. - gh-128321: Set LIBS instead of LDFLAGS when checking if sqlite3 library functions are available. This fixes the ordering of linked libraries during checks, which was incorrect when using a statically linked libsqlite3. - gh-127865: Fix build failure on systems without thread-locals support. - Changes from version 3.13.1: - Tools/Demos - gh-126807: Fix extraction warnings in pygettext.py caused by mistaking function definitions for function calls. - gh-126167: The iOS testbed was modified so that it can be used by third-party projects for testing purposes. - Tests - gh-126909: Fix test_os extended attribute tests to work on filesystems with 1 KiB xattr size limit. - gh-125041: Re-enable skipped tests for zlib on the s390x architecture: only skip checks of the compressed bytes, which can be different between zlib’s software implementation and the hardware-accelerated implementation. - gh-124295: Add translation tests to the argparse module. - Security - gh-126623: Upgrade libexpat to 2.6.4 - gh-125140: Remove the current directory from sys.path when using PyREPL. - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. - Library - gh-127321: pdb.set_trace() will not stop at an opcode that does not have an associated line number anymore. - gh-127303: Publicly expose EXACT_TOKEN_TYPES in token.__all__. - gh-123967: Fix faulthandler for trampoline frames. If the top-most frame is a trampoline frame, skip it. Patch by Victor Stinner. - gh-127182: Fix io.StringIO.__setstate__() crash, when None was passed as the first value. - gh-127217: Fix urllib.request.pathname2url() for paths starting with multiple slashes on Posix. - gh-127035: Fix shutil.which on Windows. Now it looks at direct match if and only if the command ends with a PATHEXT extension or X_OK is not in mode. Support extensionless files if “.” is in PATHEXT. Support PATHEXT extensions that end with a dot. - gh-122273: Support PyREPL history on Windows. Patch by devdanzin and Victor Stinner. - gh-127078: Fix issue where urllib.request.url2pathname() failed to discard an extra slash before a UNC drive in the URL path on Windows. - gh-126766: Fix issue where urllib.request.url2pathname() failed to discard any ‘localhost’ authority present in the URL. - gh-127065: Fix crash when calling a operator.methodcaller() instance from multiple threads in the free threading build. - gh-126997: Fix support of STRING and GLOBAL opcodes with non-ASCII arguments in pickletools. pickletools.dis() now outputs non-ASCII bytes in STRING, BINSTRING and SHORT_BINSTRING arguments as escaped (\xXX). - gh-126316: grp: Make grp.getgrall() thread-safe by adding a mutex. Patch by Victor Stinner. - gh-126618: Fix the representation of itertools.count objects when the count value is sys.maxsize. - gh-85168: Fix issue where urllib.request.url2pathname() and pathname2url() always used UTF-8 when quoting and unquoting file URIs. They now use the filesystem encoding and error handler. - gh-67877: Fix memory leaks when regular expression matching terminates abruptly, either because of a signal or because memory allocation fails. - gh-126789: Fixed the values of sysconfig.get_config_vars(), sysconfig.get_paths(), and their siblings when the site initialization happens after sysconfig has built a cache for sysconfig.get_config_vars(). - gh-126188: Update bundled pip to 24.3.1 - gh-126780: Fix os.path.normpath() for drive-relative paths on Windows. - gh-126766: Fix issue where urllib.request.url2pathname() failed to discard two leading slashes introducing an empty authority section. - gh-126727: locale.nl_langinfo(locale.ERA) now returns multiple era description segments separated by semicolons. Previously it only returned the first segment on platforms with Glibc. - gh-126699: Allow collections.abc.AsyncIterator to be a base for Protocols. - gh-126654: Fix crash when non-dict was passed to several functions in _interpreters module. - gh-104745: Limit starting a patcher (from unittest.mock.patch() or unittest.mock.patch.object()) more than once without stopping it - gh-126595: Fix a crash when instantiating itertools.count with an initial count of sys.maxsize on debug builds. Patch by Bénédikt Tran. - gh-120423: Fix issue where urllib.request.pathname2url() mishandled Windows paths with embedded forward slashes. - gh-126565: Improve performances of zipfile.Path.open() for non-reading modes. - gh-126505: Fix bugs in compiling case-insensitive regular expressions with character classes containing non-BMP characters: upper-case non-BMP character did was ignored and the ASCII flag was ignored when matching a character range whose upper bound is beyond the BMP region. - gh-117378: Fixed the multiprocessing 'forkserver' start method forkserver process to correctly inherit the parent’s sys.path during the importing of multiprocessing.set_forkserver_preload() modules in the same manner as sys.path is configured in workers before executing work items. - This bug caused some forkserver module preloading to silently fail to preload. This manifested as a performance degration in child processes when the sys.path was required due to additional repeated work in every worker. - It could also have a side effect of '' remaining in sys.path during forkserver preload imports instead of the absolute path from os.getcwd() at multiprocessing import time used in the worker sys.path. - The sys.path differences between phases in the child process could potentially have caused preload to import incorrect things from the wrong location. We are unaware of that actually having happened in practice. - gh-125679: The multiprocessing.Lock and multiprocessing.RLock repr values no longer say “unknown” on macOS. - gh-126476: Raise calendar.IllegalMonthError (now a subclass of IndexError) for calendar.month() when the input month is not correct. - gh-126489: The Python implementation of pickle no longer calls pickle.Pickler.persistent_id() for the result of persistent_id(). - gh-126313: Fix an issue in curses.napms() when curses.initscr() has not yet been called. Patch by Bénédikt Tran. - gh-126303: Fix pickling and copying of os.sched_param objects. - gh-126138: Fix a use-after-free crash on asyncio.Task objects whose underlying coroutine yields an object that implements an evil __getattribute__(). Patch by Nico Posada. - gh-126220: Fix crash in cProfile.Profile and _lsprof.Profiler when their callbacks were directly called with 0 arguments. - gh-126212: Fix issue where urllib.request.pathname2url() and url2pathname() removed slashes from Windows DOS drive paths and URLs. - gh-126223: Raise a UnicodeEncodeError instead of a SystemError upon calling _interpreters.create() with an invalid Unicode character. - gh-126205: Fix issue where urllib.request.pathname2url() generated URLs beginning with four slashes (rather than two) when given a Windows UNC path. - gh-126105: Fix a crash in ast when the ast.AST._fields attribute is deleted. - gh-126106: Fixes a possible NULL pointer dereference in ssl. - gh-126080: Fix a use-after-free crash on asyncio.Task objects for which the underlying event loop implements an evil __getattribute__(). Reported by Nico-Posada. Patch by Bénédikt Tran. - gh-126083: Fixed a reference leak in asyncio.Task objects when reinitializing the same object with a non-None context. Patch by Nico Posada. - gh-125984: Fix use-after-free crashes on asyncio.Future objects for which the underlying event loop implements an evil __getattribute__(). Reported by Nico-Posada. Patch by Bénédikt Tran. - gh-125969: Fix an out-of-bounds crash when an evil asyncio.loop.call_soon() mutates the length of the internal callbacks list. Patch by Bénédikt Tran. - gh-125966: Fix a use-after-free crash in asyncio.Future.remove_done_callback(). Patch by Bénédikt Tran. - gh-125789: Fix possible crash when mutating list of callbacks returned by asyncio.Future._callbacks. It now always returns a new copy in C implementation _asyncio. Patch by Kumar Aditya. - gh-124452: Fix an issue in email.policy.EmailPolicy.header_source_parse() and email.policy.Compat32.header_source_parse() that introduced spurious leading whitespaces into header values when the header includes a newline character after the header name delimiter (:) and before the value. - gh-125884: Fixed the bug for pdb where it can’t set breakpoints on functions with certain annotations. - gh-125355: Fix several bugs in argparse.ArgumentParser.parse_intermixed_args(). - The parser no longer changes temporarily during parsing. - Default values are not processed twice. - Required mutually exclusive groups containing positional arguments are now supported. - The missing arguments report now includes the names of all required optional and positional arguments. - Unknown options can be intermixed with positional arguments in parse_known_intermixed_args(). - gh-125666: Avoid the exiting the interpreter if a null byte is given as input in the new REPL. - gh-125710: [Enum] fix hashable<->nonhashable comparisons for member values - gh-125631: Restore ability to set persistent_id and persistent_load attributes of instances of the Pickler and Unpickler classes in the pickle module. - gh-125378: Fixed the bug in pdb where after a multi-line command, an empty line repeats the first line of the multi-line command, instead of the full command. - gh-125682: Reject non-ASCII digits in the Python implementation of json.loads() conforming to the JSON specification. - gh-125660: Reject invalid unicode escapes for Python implementation of json.loads(). - gh-125259: Fix the notes removal logic for errors thrown in enum initialization. - gh-125590: Allow FrameLocalsProxy to delete and pop if the key is not a fast variable. - gh-125519: Improve traceback if importlib.reload() is called with an object that is not a module. Patch by Alex Waygood. - gh-125451: Fix deadlock when concurrent.futures.ProcessPoolExecutor shuts down concurrently with an error when feeding a job to a worker process. - gh-125422: Fixed the bug where pdb and bdb can step into the bottom caller frame. - gh-100141: Fixed the bug where pdb will be stuck in an infinite loop when debugging an empty file. - gh-125115: Fixed a bug in pdb where arguments starting with - can’t be passed to the debugged script. - gh-53203: Fix time.strptime() for %c, %x and %X formats in many locales that use non-ASCII digits, like Persian, Burmese, Odia and Shan. - gh-125398: Fix the conversion of the VIRTUAL_ENV path in the activate script in venv when running in Git Bash for Windows. - gh-125316: Fix using functools.partial() as enum.Enum member. A FutureWarning with suggestion to use enum.member() is now emitted when the partial instance is used as an enum member. - gh-125245: Fix race condition when importing collections.abc, which could incorrectly return an empty module. - gh-125243: Fix data race when creating zoneinfo.ZoneInfo objects in the free threading build. - gh-125254: Fix a bug where ArgumentError includes the incorrect ambiguous option in argparse. - gh-125235: Keep tkinter TCL paths in venv pointing to base installation on Windows. - gh-61011: Fix inheritance of nested mutually exclusive groups from parent parser in argparse.ArgumentParser. Previously, all nested mutually exclusive groups lost their connection to the group containing them and were displayed as belonging directly to the parser. - gh-52551: Fix encoding issues in time.strftime(), the strftime() method of the datetime classes datetime, date and time and formatting of these classes. Characters not encodable in the current locale are now acceptable in the format string. Surrogate pairs and sequence of surrogatescape-encoded bytes are no longer recombinated. Embedded null character no longer terminates the format string. - gh-125118: Don’t copy arbitrary values to _Bool in the struct module. - gh-125069: Fix an issue where providing a pathlib.PurePath object as an initializer argument to a second PurePath object with a different parser resulted in arguments to the former object’s initializer being joined by the latter object’s parser. - gh-125096: If the PYTHON_BASIC_REPL environment variable is set, the site module no longer imports the _pyrepl module. Moreover, the site module now respects -E and -I command line options: ignore PYTHON_BASIC_REPL in this case. Patch by Victor Stinner. - gh-124969: Fix locale.nl_langinfo(locale.ALT_DIGITS) on platforms with glibc. Now it returns a string consisting of up to 100 semicolon-separated symbols (an empty string in most locales) on all Posix platforms. Previously it only returned the first symbol or an empty string. - gh-124960: Fix support for the barry_as_FLUFL future flag in the new REPL. - gh-124984: Fixed thread safety in ssl in the free-threaded build. OpenSSL operations are now protected by a per-object lock. - gh-124958: Fix refcycles in exceptions raised from asyncio.TaskGroup and the python implementation of asyncio.Future - gh-53203: Fix time.strptime() for %c and %x formats in many locales: Arabic, Bislama, Breton, Bodo, Kashubian, Chuvash, Estonian, French, Irish, Ge’ez, Gurajati, Manx Gaelic, Hebrew, Hindi, Chhattisgarhi, Haitian Kreyol, Japanese, Kannada, Korean, Marathi, Malay, Norwegian, Nynorsk, Punjabi, Rajasthani, Tok Pisin, Yoruba, Yue Chinese, Yau/Nungon and Chinese. - gh-124917: Allow calling os.path.exists() and os.path.lexists() with keyword arguments on Windows. Fixes a regression in 3.13.0. - gh-124653: Fix detection of the minimal Queue API needed by the logging module. Patch by Bénédikt Tran. - gh-124858: Fix reference cycles left in tracebacks in asyncio.open_connection() when used with happy_eyeballs_delay - gh-124390: Fixed AssertionError when using asyncio.staggered.staggered_race() with asyncio.eager_task_factory. - gh-124651: Properly quote template strings in venv activation scripts (bsc#1232241, CVE-2024-9287). - gh-116850: Fix argparse for namespaces with not directly writable dict (e.g. classes). - gh-58573: Fix conflicts between abbreviated long options in the parent parser and subparsers in argparse. - gh-124594: All asyncio REPL prompts run in the same context. Contributed by Bartosz Sławecki. - gh-61181: Fix support of choices with string value in argparse. Substrings of the specified string no longer considered valid values. - gh-80259: Fix argparse support of positional arguments with nargs='?', default=argparse.SUPPRESS and specified type. - gh-120378: Fix a crash related to an integer overflow in curses.resizeterm() and curses.resize_term(). - gh-123884: Fixed bug in itertools.tee() handling of other tee inputs (a tee in a tee). The output now has the promised n independent new iterators. Formerly, the first iterator was identical (not independent) to the input iterator. This would sometimes give surprising results. - gh-58956: Fixed a bug in pdb where sometimes the breakpoint won’t trigger if it was set on a function which is already in the call stack. - gh-124345: argparse vim supports abbreviated single-dash long options separated by = from its value. - gh-104860: Fix disallowing abbreviation of single-dash long options in argparse with allow_abbrev=False. - gh-63143: Fix parsing mutually exclusive arguments in argparse. Arguments with the value identical to the default value (e.g. booleans, small integers, empty or 1-character strings) are no longer considered “not present”. - gh-72795: Positional arguments with nargs equal to '*' or argparse.REMAINDER are no longer required. This allows to use positional argument with nargs='*' and without default in mutually exclusive group and improves error message about required arguments. - gh-59317: Fix parsing positional argument with nargs equal to '?' or '*' if it is preceded by an option and another positional argument. - gh-53780: argparse now ignores the first '--' (double dash) between an option and command. - gh-124217: Add RFC 9637 reserved IPv6 block 3fff::/20 in ipaddress module. - gh-81691: Fix handling of multiple '--' (double dashes) in argparse. Only the first one has now been removed, all subsequent ones are now taken literally. - gh-123978: Remove broken time.thread_time() and time.thread_time_ns() on NetBSD. - gh-124008: Fix possible crash (in debug build), incorrect output or returning incorrect value from raw binary write() when writing to console on Windows. - gh-123935: Fix parent slots detection for dataclasses that inherit from classes with __dictoffset__. - gh-122765: Fix unbalanced quote errors occurring when activate.csh in venv was sourced with a custom prompt containing unpaired quotes or newlines. - gh-123370: Fix the canvas not clearing after running turtledemo clock. - gh-116810: Resolve a memory leak introduced in CPython 3.10’s ssl when the ssl.SSLSocket.session property was accessed. Speeds up read and write access to said property by no longer unnecessarily cloning session objects via serialization. - gh-120754: Update unbounded read calls in zipfile to specify an explicit size putting a limit on how much data they may read. This also updates handling around ZIP max comment size to match the standard instead of reading comments that are one byte too long. - gh-70764: Fixed an issue where inspect.getclosurevars() would incorrectly classify an attribute name as a global variable when the name exists both as an attribute name and a global variable. - gh-118289: posixpath.realpath() now raises NotADirectoryError when strict mode is enabled and a non-directory path with a trailing slash is supplied. - gh-119826: Always return an absolute path for os.path.abspath() on Windows. - gh-117766: Always use str() to print choices in argparse. - gh-101955: Fix SystemError when match regular expression pattern containing some combination of possessive quantifier, alternative and capture group. - gh-88110: Fixed multiprocessing.Process reporting a .exitcode of 1 even on success when using the 'fork' start method while using a concurrent.futures.ThreadPoolExecutor. - gh-71936: Fix a race condition in multiprocessing.pool.Pool. - bpo-46128: Strip unittest.IsolatedAsyncioTestCase stack frames from reported stacktraces. - bpo-14074: Fix argparse metavar processing to allow positional arguments to have a tuple metavar. - IDLE - gh-122392: Increase currently inadequate vertical spacing for the IDLE browsers (path, module, and stack) on high-resolution monitors. - Documentation - gh-126622: Added stub pages for removed modules explaining their removal, where to find replacements, and linking to the last Python version that supported them. Contributed by Ned Batchelder. - gh-125277: Require Sphinx 7.2.6 or later to build the Python documentation. Patch by Adam Turner. - gh-124872: Added definitions for context, current context, and context management protocol, updated related definitions to be consistent, and expanded the documentation for contextvars.Context. - gh-125018: The importlib.metadata documentation now includes semantic cross-reference targets for the significant documented APIs. This means intersphinx references like importlib.metadata.version() will now work as expected. - gh-70870: Clarified the dual usage of the term “free variable” (both the formal meaning of any reference to names defined outside the local scope, and the narrower pragmatic meaning of nonlocal variables named in co_freevars). - gh-121277: Writers of CPython’s documentation can now use next as the version for the versionchanged, versionadded, deprecated directives. - gh-60712: Include the object type in the lists of documented types. Change by Furkan Onder and Martin Panter. - bpo-34008: The Py_Main() documentation moved from the “Very High Level API” section to the “Initialization and Finalization” section. - Also make it explicit that we expect Py_Main to typically be called instead of Py_Initialize rather than after it (since Py_Main makes its own call to Py_Initialize). Document that calling both is supported but is version dependent on which settings will be applied correctly. - Core and Builtins - gh-113841: Fix possible undefined behavior division by zero in complex’s _Py_c_pow(). - gh-127020: Fix a crash in the free threading build when PyCode_GetCode(), PyCode_GetVarnames(), PyCode_GetCellvars(), or PyCode_GetFreevars() were called from multiple threads at the same time. - gh-126980: Fix __buffer__() of bytearray crashing when READ or WRITE are passed as flags. - gh-126881: Fix crash in finalization of dtoa state. Patch by Kumar Aditya. - gh-126341: Now ValueError is raised instead of SystemError when trying to iterate over a released memoryview object. - gh-126688: Fix a crash when calling os.fork() on some operating systems, including SerenityOS. - gh-126066: Fix importlib to not write an incomplete .pyc files when a ulimit or some other operating system mechanism is preventing the write to go through fully. - gh-126312: Fix crash during garbage collection on an object frozen by gc.freeze() on the free-threaded build. - gh-126139: Provide better error location when attempting to use a future statement with an unknown future feature. - gh-126018: Fix a crash in sys.audit() when passing a non-string as first argument and Python was compiled in debug mode. - gh-125942: On Android, the errors setting of sys.stdout was changed from surrogateescape to backslashreplace. - gh-125859: Fix a crash in the free threading build when gc.get_objects() or gc.get_referrers() is called during an in-progress garbage collection. - gh-125703: Correctly honour tracemalloc hooks in specialized Py_DECREF paths. Patch by Pablo Galindo - gh-125593: Use color to highlight error locations in traceback from exception group - gh-125444: Fix illegal instruction for older Arm architectures. Patch by Diego Russo, testing by Ross Burton. - gh-124375: Fix a crash in the free threading build when the GC runs concurrently with a new thread starting. - gh-125221: Fix possible race condition when calling __reduce_ex__() for the first time in the free threading build. - gh-125038: Fix crash when iterating over a generator expression after direct changes on gi_frame.f_locals. Patch by Mikhail Efimov. - gh-123378: Fix a crash in the __str__() method of UnicodeError objects when the UnicodeError.start and UnicodeError.end values are invalid or out-of-range. Patch by Bénédikt Tran. - gh-116510: Fix a crash caused by immortal interned strings being shared between sub-interpreters that use basic single-phase init. In that case, the string can be used by an interpreter that outlives the interpreter that created and interned it. For interpreters that share obmalloc state, also share the interned dict with the main interpreter. - gh-122878: Use the pager binary, if available (e.g. on Debian and derivatives), to display REPL help(). - gh-124188: Fix reading and decoding a line from the source file witn non-UTF-8 encoding for syntax errors raised in the compiler. - gh-123930: Improve the error message when a script shadowing a module from the standard library causes ImportError to be raised during a “from” import. Similarly, improve the error message when a script shadowing a third party module attempts to “from” import an attribute from that third party module while still initialising. - gh-122907: Building with HAVE_DYNAMIC_LOADING now works as well as it did in 3.12. Existing deficiences will be addressed separately. (See https://github.com/python/cpython/issues/122950.) - gh-118950: Fix bug where SSLProtocol.connection_lost wasn’t getting called when OSError was thrown on writing to socket. - gh-113570: Fixed a bug in reprlib.repr where it incorrectly called the repr method on shadowed Python built-in types. - gh-109746: If _thread.start_new_thread() fails to start a new thread, it deletes its state from interpreter and thus avoids its repeated cleanup on finalization. - C API - gh-126554: Fix error handling in ctypes.CDLL objects which could result in a crash in rare situations. - gh-125608: Fix a bug where dictionary watchers (e.g., PyDict_Watch()) on an object’s attribute dictionary (__dict__) were not triggered when the object’s attributes were modified. - bpo-34008: Added Py_IsInitialized to the list of APIs that are safe to call before the interpreter is initialized, and updated the embedding tests to cover it. - Build - gh-123877: Set wasm32-wasip1 as the WASI target. The old wasm32-wasi target is deprecated so it can be used for an eventual WASI 1.0. - gh-89640: Hard-code float word ordering as little endian on WASM. - gh-125940: The Android build now supports 16 KB page sizes. - gh-89640: Improve detection of float word ordering on Linux when link-time optimizations are enabled. - gh-125269: Fix detection of whether -latomic is needed when cross-compiling CPython using the configure script. - gh-121634: Allow for specifying the target compile triple for WASI. - gh-122578: Use WASI SDK 24 for testing. - gh-115382: Fix cross compile failures when the host and target SOABIs match. - Skip PGO with %want_reproducible_builds (bsc#1239210). - Configure externally_managed with a bcond https://en.opensuse.org/openSUSE:Python:Externally_managed (bsc#1228165).

Patchnames

SUSE-2025-2074,SUSE-SLE-Module-Python3-15-SP7-2025-2074

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for python313",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for python313 fixes the following issues:\n\nUpdate to version 3.13.5.\n\nSecurity issues fixed:\n\n- CVE-2025-4517: arbitrary filesystem writes outside the extraction directory during extraction with filter=\u0027data\u0027 (bsc#1244032)\n- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).\n- CVE-2025-4330: extraction filter bypass for linking outside extraction directory (bsc#1244060)\n- CVE-2025-4138: may allow symlink targets to point outside the destination directory, and the modification of some file metadata.\n   (bsc#1244059)\n- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse (bsc#1236705).\n- CVE-2024-12718:  bypass extraction filter to modify file metadata outside extraction directory (bsc#1244056)\n- CVE-2024-12254: memory exhaustion due to unbounded memory buffering in `SelectorSocketTransport.writelines()`\n  (bsc#1234290).\n\n\nOther changes and issues fixed:\n    \n    \nChanges from 3.13.5:\n\n  - Tests\n\n    - gh-135120: Add test.support.subTests().\n\n  - Library\n\n    - gh-133967: Do not normalize locale name \u2018C.UTF-8\u2019 to\n      \u2018en_US.UTF-8\u2019.\n    - gh-135326: Restore support of integer-like objects with\n      __index__() in random.getrandbits().\n    - gh-135321: Raise a correct exception for values greater\n      than 0x7fffffff for the BINSTRING opcode in the C\n      implementation of pickle.\n    - gh-135276: Backported bugfixes in zipfile.Path from\n      zipp 3.23. Fixed .name, .stem and other basename-based\n      properties on Windows when working with a zipfile on disk.\n    - gh-134151: email: Fix TypeError in\n      email.utils.decode_params() when sorting RFC 2231\n      continuations that contain an unnumbered section.\n    - gh-134152: email: Fix parsing of email message ID with\n      invalid domain.\n    - gh-127081: Fix libc thread safety issues with os by\n      replacing getlogin with getlogin_r re-entrant version.\n    - gh-131884: Fix formatting issues in json.dump() when both\n      indent and skipkeys are used.\n  - Core and Builtins\n    - gh-135171: Roll back changes to generator and list\n      comprehensions that went into 3.13.4 to fix gh-127682,\n      but which involved semantic and bytecode changes not\n      appropriate for a bugfix release.\n  - C API\n    - gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and\n      Py_RETURN_FALSE macros in the limited C API 3.11 and\n      older: don\u2019t treat Py_None, Py_True and Py_False as\n      immortal. Patch by Victor Stinner.\n    - gh-134989: Implement PyObject_DelAttr() and\n      PyObject_DelAttrString() as macros in the limited C API\n      3.12 and older. Patch by Victor Stinner.\n\nChanges from 3.13.4:\n\n  - Security\n\n    - gh-135034: Fixes multiple issues that allowed tarfile\n      extraction filters (filter=\u0027data\u0027 and filter=\u0027tar\u0027) to be\n      bypassed using crafted symlinks and hard links.\n      Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138\n      (bsc#1244059), CVE-2025-4330 (bsc#1244060), and\n      CVE-2025-4517 (bsc#1244032).\n    - gh-133767: Fix use-after-free in the \u201cunicode-escape\u201d\n      decoder with a non-\u201cstrict\u201d error handler (CVE-2025-4516,\n      bsc#1243273).\n    - gh-128840: Short-circuit the processing of long IPv6\n      addresses early in ipaddress to prevent excessive memory\n      consumption and a minor denial-of-service.\n  - Library\n    - gh-134718: ast.dump() now only omits None and [] values if\n      they are default values.\n    - gh-128840: Fix parsing long IPv6 addresses with embedded\n      IPv4 address.\n    - gh-134696: Built-in HACL* and OpenSSL implementations of\n      hash function constructors now correctly accept the same\n      documented named arguments. For instance, md5() could be\n      previously invoked as md5(data=data) or md5(string=string)\n      depending on the underlying implementation but these calls\n      were not compatible. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-134210: curses.window.getch() now correctly handles\n      signals. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-80334: multiprocessing.freeze_support() now checks for\n      work on any \u201cspawn\u201d start method platform rather than only\n      on Windows.\n    - gh-114177: Fix asyncio to not close subprocess pipes which\n      would otherwise error out when the event loop is already\n      closed.\n    - gh-134152: Fixed UnboundLocalError that could occur during\n      email header parsing if an expected trailing delimiter is\n      missing in some contexts.\n    - gh-62184: Remove import of C implementation of io.FileIO\n      from Python implementation which has its own implementation\n    - gh-133982: Emit RuntimeWarning in the Python implementation\n      of io when the file-like object is not closed explicitly in\n      the presence of multiple I/O layers.\n    - gh-133890: The tarfile module now handles\n      UnicodeEncodeError in the same way as OSError when cannot\n      extract a member.\n    - gh-134097: Fix interaction of the new REPL and -X\n      showrefcount command line option.\n    - gh-133889: The generated directory listing page in\n      http.server.SimpleHTTPRequestHandler now only shows the\n      decoded path component of the requested URL, and not the\n      query and fragment.\n    - gh-134098: Fix handling paths that end with\n      a percent-encoded slash (%2f or %2F) in\n      http.server.SimpleHTTPRequestHandler.\n    - gh-134062: ipaddress: fix collisions in __hash__() for\n      IPv4Network and IPv6Network objects.\n    - gh-133745: In 3.13.3 we accidentally changed the signature\n      of the asyncio create_task() family of methods and how it\n      calls a custom task factory in a backwards incompatible\n      way. Since some 3rd party libraries have already made\n      changes to work around the issue that might break if\n      we simply reverted the changes, we\u2019re instead changing\n      things to be backwards compatible with 3.13.2 while still\n      supporting those workarounds for 3.13.3. In particular, the\n      special-casing of name and context is back (until 3.14) and\n      consequently eager tasks may still find that their name\n      hasn\u2019t been set before they execute their first yielding\n      await.\n    - gh-71253: Raise ValueError in open() if opener returns a\n      negative file-descriptor in the Python implementation of io\n      to match the C implementation.\n    - gh-77057: Fix handling of invalid markup declarations in\n      html.parser.HTMLParser.\n    - gh-133489: random.getrandbits() can now generate more that\n      231 bits. random.randbytes() can now generate more that 256\n      MiB.\n    - gh-133290: Fix attribute caching issue when setting\n      ctypes._Pointer._type_ in the undocumented and deprecated\n      ctypes.SetPointerType() function and the undocumented\n      set_type() method.\n    - gh-132876: ldexp() on Windows doesn\u2019t round subnormal\n      results before Windows 11, but should. Python\u2019s\n      math.ldexp() wrapper now does round them, so results may\n      change slightly, in rare cases of very small results, on\n      Windows versions before 11.\n    - gh-133089: Use original timeout value for\n      subprocess.TimeoutExpired when the func subprocess.run()\n      is called with a timeout instead of sometimes a confusing\n      partial remaining time out value used internally on the\n      final wait().\n    - gh-133009: xml.etree.ElementTree: Fix a crash in\n      Element.__deepcopy__ when the element is concurrently\n      mutated. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-132995: Bump the version of pip bundled in ensurepip to\n      version 25.1.1\n    - gh-132017: Fix error when pyrepl is suspended, then resumed\n      and terminated.\n    - gh-132673: Fix a crash when using _align_ = 0 and _fields_\n      = [] in a ctypes.Structure.\n    - gh-132527: Include the valid typecode \u2018w\u2019 in the error\n      message when an invalid typecode is passed to array.array.\n    - gh-132439: Fix PyREPL on Windows: characters entered via\n      AltGr are swallowed. Patch by Chris Eibl.\n    - gh-132429: Fix support of Bluetooth sockets on NetBSD and\n      DragonFly BSD.\n    - gh-132106: QueueListener.start now raises a RuntimeError if\n      the listener is already started.\n    - gh-132417: Fix a NULL pointer dereference when a C function\n      called using ctypes with restype py_object returns NULL.\n    - gh-132385: Fix instance error suggestions trigger potential\n      exceptions in object.__getattr__() in traceback.\n    - gh-132308: A traceback.TracebackException now correctly\n      renders the __context__ and __cause__ attributes from\n      falsey Exception, and the exceptions attribute from falsey\n      ExceptionGroup.\n    - gh-132250: Fixed the SystemError in cProfile when locating\n      the actual C function of a method raises an exception.\n    - gh-132063: Prevent exceptions that evaluate as\n      falsey (namely, when their __bool__ method returns\n      False or their __len__ method returns 0) from being\n      ignored by concurrent.futures.ProcessPoolExecutor and\n      concurrent.futures.ThreadPoolExecutor.\n    - gh-119605: Respect follow_wrapped for __init__() and\n      __new__() methods when getting the class signature for a\n      class with inspect.signature(). Preserve class signature\n      after wrapping with warnings.deprecated(). Patch by Xuehai\n      Pan.\n    - gh-91555: Ignore log messages generated during handling of\n      log messages, to avoid deadlock or infinite recursion.\n    - gh-131434: Improve error reporting for incorrect format in\n      time.strptime().\n    - gh-131127: Systems using LibreSSL now successfully build.\n    - gh-130999: Avoid exiting the new REPL and offer suggestions\n      even if there are non-string candidates when errors occur.\n    - gh-130941: Fix configparser.ConfigParser parsing empty\n      interpolation with allow_no_value set to True.\n    - gh-129098: Fix REPL traceback reporting when using\n      compile() with an inexisting file. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-130631: http.cookiejar.join_header_words() is now more\n      similar to the original Perl version. It now quotes the\n      same set of characters and always quote values that end\n      with \u0027\\n\u0027.\n    - gh-129719: Fix missing socket.CAN_RAW_ERR_FILTER constant\n      in the socket module on Linux systems. It was missing since\n      Python 3.11.\n    - gh-124096: Turn on virtual terminal mode and enable\n      bracketed paste in REPL on Windows console. (If the\n      terminal does not support bracketed paste, enabling it does\n      nothing.)\n    - gh-122559: Remove __reduce__() and __reduce_ex__() methods\n      that always raise TypeError in the C implementation\n      of io.FileIO, io.BufferedReader, io.BufferedWriter\n      and io.BufferedRandom and replace them with default\n      __getstate__() methods that raise TypeError. This restores\n      fine details of behavior of Python 3.11 and older versions.\n    - gh-122179: hashlib.file_digest() now raises BlockingIOError\n      when no data is available during non-blocking I/O. Before,\n      it added spurious null bytes to the digest.\n    - gh-86155: html.parser.HTMLParser.close() no longer loses\n      data when the \u003cscript\u003e tag is not closed. Patch by Waylan\n      Limberg.\n    - gh-69426: Fix html.parser.HTMLParser to not unescape\n      character entities in attribute values if they are followed\n      by an ASCII alphanumeric or an equals sign.\n    - bpo-44172: Keep a reference to original curses windows in\n      subwindows so that the original window does not get deleted\n      before subwindows.\n  - Tests\n    - gh-133744: Fix multiprocessing interrupt test. Add an event\n      to synchronize the parent process with the child process:\n      wait until the child process starts sleeping. Patch by\n      Victor Stinner.\n    - gh-133639: Fix\n      TestPyReplAutoindent.test_auto_indent_default() doesn\u2019t run\n      input_code.\n    - gh-133131: The iOS testbed will now select the most\n      recently released \u201cSE-class\u201d device for testing if a device\n      isn\u2019t explicitly specified.\n    - gh-109981: The test helper that counts the list of open\n      file descriptors now uses the optimised /dev/fd approach on\n      all Apple platforms, not just macOS. This avoids crashes\n      caused by guarded file descriptors.\n  - IDLE\n    - gh-112936: fix IDLE: no Shell menu item in single-process\n      mode.\n  - Documentation\n    - gh-107006: Move documentation and example code for\n      threading.local from its docstring to the official docs.\n  - Core and Builtins\n    - gh-134908: Fix crash when iterating over lines in a text\n      file on the free threaded build.\n    - gh-127682: No longer call __iter__ twice in list\n      comprehensions. This brings the behavior of list\n      comprehensions in line with other forms of iteration\n    - gh-134381: Fix RuntimeError when using a not-started\n      threading.Thread after calling os.fork()\n    - gh-128066: Fixes an edge case where PyREPL improperly threw\n      an error when Python is invoked on a read only filesystem\n      while trying to write history file entries.\n    - gh-134100: Fix a use-after-free bug that occurs when an\n      imported module isn\u2019t in sys.modules after its initial\n      import. Patch by Nico-Posada.\n    - gh-133703: Fix hashtable in dict can be bigger than\n      intended in some situations.\n    - gh-132869: Fix crash in the free threading build when\n      accessing an object attribute that may be concurrently\n      inserted or deleted.\n    - gh-132762: fromkeys() no longer loops forever when adding\n      a small set of keys to a large base dict. Patch by Angela\n      Liss.\n    - gh-133543: Fix a possible memory leak that could occur when\n      directly accessing instance dictionaries (__dict__) that\n      later become part of a reference cycle.\n    - gh-133516: Raise ValueError when constants True, False or\n      None are used as an identifier after NFKC normalization.\n    - gh-133441: Fix crash upon setting an attribute with a dict\n      subclass. Patch by Victor Stinner.\n    - gh-132942: Fix two races in the type lookup cache. This\n      affected the free-threaded build and could cause crashes\n      (apparently quite difficult to trigger).\n    - gh-132713: Fix repr(list) race condition: hold a strong\n      reference to the item while calling repr(item). Patch by\n      Victor Stinner.\n    - gh-132747: Fix a crash when calling __get__() of a method\n      with a None second argument.\n    - gh-132542: Update Thread.native_id after fork(2) to ensure\n      accuracy. Patch by Noam Cohen.\n    - gh-124476: Fix decoding from the locale encoding in the\n      C.UTF-8 locale.\n    - gh-131927: Compiler warnings originating from the same\n      module and line number are now only emitted once, matching\n      the behaviour of warnings emitted from user code. This can\n      also be configured with warnings filters.\n    - gh-127682: No longer call __iter__ twice when creating and\n      executing a generator expression. Creating a generator\n      expression from a non-interable will raise only when the\n      generator expression is executed. This brings the behavior\n      of generator expressions in line with other generators.\n    - gh-131878: Handle uncaught exceptions in the main input\n      loop for the new REPL.\n    - gh-131878: Fix support of unicode characters with two or\n      more codepoints on Windows in the new REPL.\n    - gh-130804: Fix support of unicode characters on Windows in\n      the new REPL.\n    - gh-130070: Fixed an assertion error for exec() passed a\n      string source and a non-None closure. Patch by Bartosz\n      S\u0142awecki.\n    - gh-129958: Fix a bug that was allowing newlines\n      inconsitently in format specifiers for single-quoted\n      f-strings. Patch by Pablo Galindo.\n  - C API\n    - gh-132909: Fix an overflow when handling the K format in\n      Py_BuildValue(). Patch by B\u00e9n\u00e9dikt Tran.\n\n- Changes from version 3.13.3\n\n  - Tools/Demos\n    - gh-131852: msgfmt no longer adds the POT-Creation-Date to\n      generated .mo files for consistency with GNU msgfmt.\n    - gh-85012: Correctly reset msgctxt when compiling messages\n      in msgfmt.\n    - gh-130025: The iOS testbed now correctly handles symlinks\n      used as Python framework references.\n  - Tests\n    - gh-131050: test_ssl.test_dh_params is skipped if the\n      underlying TLS library does not support finite-field\n      ephemeral Diffie-Hellman.\n    - gh-129200: Multiple iOS testbed runners can now be started\n      at the same time without introducing an ambiguity over\n      simulator ownership.\n    - gh-130292: The iOS testbed will now run successfully on a\n      machine that has not previously run Xcode tests (such as CI\n      configurations).\n    - gh-130293: The tests of terminal colorization are no longer\n      sensitive to the value of the TERM variable in the testing\n      environment.\n    - gh-126332: Add unit tests for pyrepl.\n  - Security\n    - gh-131809: Update bundled libexpat to 2.7.1\n    - gh-131261: Upgrade to libexpat 2.7.0\n    - gh-127371: Avoid unbounded buffering for\n      tempfile.SpooledTemporaryFile.writelines(). Previously,\n      disk spillover was only checked after the lines iterator\n      had been exhausted. This is now done after each line is\n      written.\n    - gh-121284: Fix bug in the folding of rfc2047 encoded-words\n      when flattening an email message using a modern email\n      policy. Previously when an encoded-word was too long for\n      a line, it would be decoded, split across lines, and\n      re-encoded. But commas and other special characters in the\n      original text could be left unencoded and unquoted. This\n      could theoretically be used to spoof header lines using\n      a carefully constructed encoded-word if the resulting\n      rendered email was transmitted or re-parsed.\n  - Library\n    - gh-132174: Fix function name in error message of\n      _interpreters.run_string.\n    - gh-132171: Fix crash of _interpreters.run_string on string\n      subclasses.\n    - gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN\n      environment variable knob in subprocess to control the use\n      of os.posix_spawn().\n    - gh-132159: Do not shadow user arguments in generated\n      __new__() by decorator warnings.deprecated. Patch by Xuehai\n      Pan.\n    - gh-132075: Fix possible use of socket address structures\n      with uninitialized members. Now all structure members are\n      initialized with zeroes by default.\n    - gh-132002: Fix crash when deallocating\n      contextvars.ContextVar with weird unahashable string names.\n    - gh-131668: socket: Fix code parsing AF_BLUETOOTH socket\n      addresses.\n    - gh-131492: Fix a resource leak when constructing a\n      gzip.GzipFile with a filename fails, for example when\n      passing an invalid compresslevel.\n    - gh-131325: Fix sendfile fallback implementation to drain\n      data after writing to transport in asyncio.\n    - gh-129843: Fix incorrect argument passing in\n      warnings.warn_explicit().\n    - gh-131204: Use monospace font from System Font Stack for\n      cross-platform support in difflib.HtmlDiff.\n    - gh-130940: The PyConfig.use_system_logger attribute,\n      introduced in Python 3.13.2, has been removed. The\n      introduction of this attribute inadvertently introduced an\n      ABI breakage on macOS and iOS. The use of the system logger\n      is now enabled by default on iOS, and disabled by default\n      on macOS.\n    - gh-131045: Fix issue with __contains__, values, and\n      pseudo-members for enum.Flag.\n    - gh-130959: Fix pure-Python implementation of\n      datetime.time.fromisoformat() to reject times with spaces\n      in fractional part (for example, 12:34:56.400 +02:00),\n      matching the C implementation. Patch by Micha\u0142 Gorny.\n    - gh-130637: Add validation for numeric response data in\n      poplib.POP3.stat() method\n    - gh-130461: Remove .. index:: directives from the uuid\n      module documentation. These directives previously created\n      entries in the general index for getnode() as well as\n      the uuid1(), uuid3(), uuid4(), and uuid5() constructor\n      functions.\n    - gh-130379: The zipapp module now calculates the list of\n      files to be added to the archive before creating the\n      archive. This avoids accidentally including the target when\n      it is being created in the source directory.\n    - gh-130285: Fix corner case for random.sample() allowing the\n      counts parameter to specify an empty population. So now,\n      sample([], 0, counts=[]) and sample(\u0027abc\u0027, k=0, counts=[0,\n      0, 0]) both give the same result as sample([], 0).\n    - gh-130250: Fix regression in traceback.print_last().\n    - gh-130230: Fix crash in pow() with only Decimal third\n      argument.\n    - gh-118761: Reverts a change in the previous release\n      attempting to make some stdlib imports used within the\n      subprocess module lazy as this was causing errors during\n      __del__ finalizers calling methods such as terminate, or\n      kill, or send_signal.\n    - gh-130164: Fixed failure to raise TypeError in\n      inspect.Signature.bind() for positional-only arguments\n      provided by keyword when a variadic keyword argument (e.g.\n      --kwargs) is present.\n    - gh-130151: Fix reference leaks in _hashlib.hmac_new() and\n      _hashlib.hmac_digest(). Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-130145: Fix asyncio.AbstractEventloop.run_forever() when\n      another loop is already running.\n    - gh-129726: Fix gzip.GzipFile raising an unraisable\n      exception during garbage collection when referring to\n      a temporary object by breaking the reference loop with\n      weakref.\n    - gh-127750: Remove broken functools.singledispatchmethod()\n      caching introduced in gh-85160.\n    - gh-129583: Update bundled pip to 25.0.1\n    - gh-97850: Update the deprecation warning of\n      importlib.abc.Loader.load_module().\n    - gh-129646: Update the locale alias mapping in the locale\n      module to match the latest X Org locale alias mapping and\n      support new locales in Glibc 2.41.\n    - gh-129603: Fix bugs where sqlite3.Row objects could\n      segfault if their inherited description was set to\n      None. Patch by Erlend Aasland.\n    - gh-128231: Execution of multiple statements in the new\n      REPL now stops immediately upon the first exception\n      encountered. Patch by Bartosz S\u0142awecki.\n    - gh-117779: Fix reading duplicated entries in zipfile by\n      name. Reading duplicated entries (except the last one)\n      by ZipInfo now emits a warning instead of raising an\n      exception.\n    - gh-128772: Fix pydoc for methods with the __module__\n      attribute equal to None.\n    - gh-92897: Scheduled the deprecation of the check_home\n      argument of sysconfig.is_python_build() to Python 3.15.\n    - gh-128657: Fix possible extra reference when using objects\n      returned by hashlib.sha256() under free threading.\n    - gh-128703: Fix mimetypes.guess_type() to use default\n      mapping for empty Content-Type in registry.\n    - gh-128308: Support the name keyword argument\n      for eager tasks in asyncio.loop.create_task(),\n      asyncio.create_task() and asyncio.TaskGroup.create_task(),\n      by passing on all kwargs to the task factory set by\n      asyncio.loop.set_task_factory().\n    - gh-128388: Fix PyREPL on Windows to support more\n      keybindings, like the Control-\u2190 and Control-\u2192 word-skipping\n      keybindings and those with meta (i.e. Alt), e.g. Alt-d to\n      kill-word or Alt-Backspace backward-kill-word.\n    - gh-126037: xml.etree.ElementTree: Fix a crash in\n      Element.find, Element.findtext and Element.findall when\n      the tag to find implements an __eq__() method mutating the\n      element being queried. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-127712: Fix handling of the secure argument of\n      logging.handlers.SMTPHandler.\n    - gh-126033: xml.etree.ElementTree: Fix a crash in\n      Element.remove when the element is concurrently\n      mutated. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-118201: Fixed intermittent failures of os.confstr,\n      os.pathconf and os.sysconf on iOS and Android.\n    - gh-124927: Non-printing characters are now properly handled\n      in the new REPL.\n  - IDLE\n    - gh-129873: Simplify displaying the IDLE doc by only copying\n      the text section of idle.html to idlelib/help.html. Patch\n      by Stan Ulbrych.\n  - Documentation\n    - gh-131417: Mention asyncio.Future and asyncio.Task in\n      generic classes list.\n    - gh-125722: Require Sphinx 8.2.0 or later to build the\n      Python documentation. Patch by Adam Turner.\n    - gh-129712: The wheel tags supported by each macOS universal\n      SDK option are now documented.\n    - gh-46236: C API: Document PyUnicode_RSplit(),\n      PyUnicode_Partition() and PyUnicode_RPartition().\n  - Core and Builtins\n    - gh-132011: Fix crash when calling list.append() as an\n      unbound method.\n    - gh-131998: Fix a crash when using an unbound method\n      descriptor object in a function where a bound method\n      descriptor was used.\n    - gh-131988: Fix a performance regression that caused scaling\n      bottlenecks in the free threaded build in 3.13.1 and\n      3.13.2.\n    - gh-131719: Fix missing NULL check in _PyMem_FreeDelayed in\n      free-threaded build.\n    - gh-131670: Fix anext() failing on sync __anext__() raising\n      an exception.\n    - gh-131141: Fix data race in sys.monitoring instrumentation\n      while registering callback.\n    - gh-130932: Fix incorrect exception handling in\n      _PyModule_IsPossiblyShadowing\n    - gh-130851: Fix a crash in the free threading build when\n      constructing a code object with co_consts that contains\n      instances of types that are not otherwise generated by the\n      bytecode compiler.\n    - gh-130794: Fix memory leak in the free threaded build\n      when resizing a shared list or dictionary from multiple\n      short-lived threads.\n    - gh-130775: Do not crash on negative column and end_column\n      in ast locations.\n    - gh-130382: Fix PyRefTracer_DESTROY not being sent from\n      Python/ceval.c Py_DECREF().\n    - gh-130618: Fix a bug that was causing UnicodeDecodeError or\n      SystemError to be raised when using f-strings with lambda\n      expressions with non-ASCII characters. Patch by Pablo\n      Galindo\n    - gh-130163: Fix possible crashes related to concurrent\n      change and use of the sys module attributes.\n    - gh-88887: Fixing multiprocessing Resource Tracker process\n      leaking, usually observed when running Python as PID 1.\n    - gh-130115: Fix an issue with thread identifiers being\n      sign-extended on some platforms.\n    - gh-128396: Fix a crash that occurs when calling locals()\n      inside an inline comprehension that uses the same local\n      variable as the outer frame scope where the variable is a\n      free or cell var.\n    - gh-116042: Fix location for SyntaxErrors of invalid escapes\n      in the tokenizer. Patch by Pablo Galindo\n    - gh-129983: Fix data race in compile_template in sre.c.\n    - gh-129967: Fix a race condition in the free threading build\n      when repr(set) is called concurrently with set.clear().\n    - gh-129900: Fix return codes inside SystemExit not getting\n      returned by the REPL.\n    - gh-129732: Fixed a race in _Py_qsbr_reserve in the free\n      threading build.\n    - gh-129643: Fix thread safety of PyList_Insert() in\n      free-threading builds.\n    - gh-129668: Fix race condition when raising MemoryError in\n      the free threaded build.\n    - gh-129643: Fix thread safety of PyList_SetItem() in\n      free-threading builds. Patch by Kumar Aditya.\n    - gh-128714: Fix the potential races in get/set dunder\n      methods __annotations__, __annotate__ and __type_params__\n      for function object, and add related tests.\n    - gh-128632: Disallow __classdict__ as the name of a type\n      parameter. Using this name would previously crash the\n      interpreter in some circumstances.\n    - gh-127953: The time to handle a LINE event in\n      sys.monitoring (and sys.settrace) is now independent of the\n      number of lines in the code object.\n    - gh-125331: from __future__ import barry_as_FLUFL now works\n      in more contexts, including when it is used in files,\n      with the -c flag, and in the REPL when there are multiple\n      statements on the same line. Previously, it worked only\n      on subsequent lines in the REPL, and when the appropriate\n      flags were passed directly to compile(). Patch by Pablo\n      Galindo.\n  - C API\n    - gh-131740: Update PyUnstable_GC_VisitObjects to traverse\n      perm gen.\n    - gh-129533: Update PyGC_Enable(), PyGC_Disable(),\n      PyGC_IsEnabled() to use atomic operation for thread-safety\n      at free-threading build. Patch by Donghee Na.\n  - Build\n    - gh-131865: The DTrace build now properly passes the CC\n      and CFLAGS variables to the dtrace command when utilizing\n      SystemTap on Linux.\n    - gh-131675: Fix mimalloc library builds for 32-bit ARM\n      targets.\n    - gh-130673: Fix potential KeyError when handling object\n      sections during JIT building process.\n    - gh-130740: Ensure that Python.h is included before\n      stdbool.h unless pyconfig.h is included before or in some\n      platform-specific contexts.\n    - gh-129838: Don\u2019t redefine _Py_NO_SANITIZE_UNDEFINED when\n      compiling with a recent GCC version and undefined sanitizer\n      enabled.\n    - gh-129660: Drop test_embed from PGO training, whose\n      contribution in recent versions is considered to be\n      ignorable.\n\n- Changes from version 3.13.2:\n  \n  - Tools/Demos\n    - gh-128152: Fix a bug where Argument Clinic\u2019s C\n      pre-processor parser tried to parse pre-processor\n      directives inside C comments. Patch by Erlend Aasland.\n  - Tests\n    - gh-127906: Test the limited C API in test_cppext. Patch by\n      Victor Stinner.\n    - gh-127637: Add tests for the dis command-line\n      interface. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-126925: iOS test results are now streamed during test\n      execution, and the deprecated xcresulttool is no longer\n      used.\n  - Security\n    - gh-105704: When using urllib.parse.urlsplit() and\n      urllib.parse.urlparse() host parsing would not reject\n      domain names containing square brackets ([ and ]). Square\n      brackets are only valid for IPv6 and IPvFuture hosts\n      according to RFC 3986 Section 3.2.2. (CVE-2025-0938,\n      bsc#1236705)\n    - gh-127655: Fixed the\n      asyncio.selector_events._SelectorSocketTransport\n      transport not pausing writes for the protocol when\n      the buffer reaches the high water mark when using\n      asyncio.WriteTransport.writelines() (CVE-2024-12254,\n      bsc#1234290).\n    - gh-126108: Fix a possible NULL pointer dereference in\n      PySys_AddWarnOptionUnicode().\n    - gh-80222: Fix bug in the folding of quoted strings\n      when flattening an email message using a modern email\n      policy. Previously when a quoted string was folded so\n      that it spanned more than one line, the surrounding\n      quotes and internal escapes would be omitted. This could\n      theoretically be used to spoof header lines using a\n      carefully constructed quoted string if the resulting\n      rendered email was transmitted or re-parsed.\n    - gh-119511: Fix a potential denial of service in the imaplib\n      module. When connecting to a malicious server, it could\n      cause an arbitrary amount of memory to be allocated. On\n      many systems this is harmless as unused virtual memory is\n      only a mapping, but if this hit a virtual address size\n      limit it could lead to a MemoryError or other process\n      crash. On unusual systems or builds where all allocated\n      memory is touched and backed by actual ram or storage\n      it could\u2019ve consumed resources doing so until similarly\n      crashing.\n  - Library\n    - gh-129502: Unlikely errors in preparing arguments for\n      ctypes callback are now handled in the same way as errors\n      raised in the callback of in converting the result of\n      the callback \u2013 using sys.unraisablehook() instead of\n      sys.excepthook() and not setting sys.last_exc and other\n      variables.\n    - gh-129403: Corrected ValueError message for asyncio.Barrier\n      and threading.Barrier.\n    - gh-129409: Fix an integer overflow in the csv module when\n      writing a data field larger than 2GB.\n    - gh-118761: Improve import time of subprocess by lazy\n      importing locale and signal. Patch by Taneli Hukkinen.\n    - gh-129346: In sqlite3, handle out-of-memory when creating\n      user-defined SQL functions.\n    - gh-129061: Fix FORCE_COLOR and NO_COLOR when empty\n      strings. Patch by Hugo van Kemenade.\n    - gh-128550: Removed an incorrect optimization relating\n      to eager tasks in asyncio.TaskGroup that resulted in\n      cancellations being missed.\n    - gh-128991: Release the enter frame reference within bdb\n      callback\n    - gh-128978: Fix a NameError in\n      sysconfig.expand_makefile_vars(). Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-128961: Fix a crash when setting state on an exhausted\n      array.array iterator.\n    - gh-128894: Fix\n      traceback.TracebackException._format_syntax_error not to\n      fail on exceptions with custom metadata.\n    - gh-128916: Do not attempt to set SO_REUSEPORT on sockets of\n      address families other than AF_INET and AF_INET6, as it is\n      meaningless with these address families, and the call with\n      fail with Linux kernel 6.12.9 and newer.\n    - gh-128679: Fix tracemalloc.stop() race condition. Fix\n      tracemalloc to support calling tracemalloc.stop() in\n      one thread, while another thread is tracing memory\n      allocations. Patch by Victor Stinner.\n    - gh-128636: Fix PyREPL failure when os.environ is\n      overwritten with an invalid value.\n    - gh-128562: Fix possible conflicts in generated tkinter\n      widget names if the widget class name ends with a digit.\n    - gh-128498: Default to stdout isatty for color detection\n      instead of stderr. Patch by Hugo van Kemenade.\n    - gh-128552: Fix cyclic garbage introduced\n      by asyncio.loop.create_task() and\n      asyncio.TaskGroup.create_task() holding a reference to the\n      created task if it is eager.\n    - gh-128479: Fix asyncio.staggered.staggered_race() leaking\n      tasks and issuing an unhandled exception.\n    - gh-128400: Fix crash when using\n      faulthandler.dump_traceback() while other threads are\n      active on the free threaded build.\n    - gh-88834: Unify the instance check for typing.Union and\n      types.UnionType: Union now uses the instance checks against\n      its parameters instead of the subclass checks.\n    - gh-128302: Fix\n      xml.dom.xmlbuilder.DOMEntityResolver.resolveEntity(), which\n      was broken by the Python 3.0 transition.\n    - gh-128302: Allow xml.dom.xmlbuilder.DOMParser.parse()\n      to correctly handle xml.dom.xmlbuilder.DOMInputSource\n      instances that only have a systemId attribute set.\n    - gh-112064: Fix incorrect handling of negative read sizes in\n      HTTPResponse.read. Patch by Yury Manushkin.\n    - gh-58956: Fixed a frame reference leak in bdb.\n    - gh-128131: Completely support random access of uncompressed\n      unencrypted read-only zip files obtained by ZipFile.open.\n    - gh-112328: enum.EnumDict can now be used without resorting\n      to private API.\n    - gh-127975: Avoid reusing quote types in ast.unparse() if\n      not needed.\n    - gh-128062: Revert the font of turtledemo\u2019s menu bar to its\n      default value and display the shortcut keys in the correct\n      position.\n    - gh-128014: Fix resetting the default window icon by passing\n      default=\u0027\u0027 to the tkinter method wm_iconbitmap().\n    - gh-115514: Fix exceptions and incomplete writes after\n      asyncio._SelectorTransport is closed before writes are\n      completed.\n    - gh-41872: Fix quick extraction of module docstrings from\n      a file in pydoc. It now supports docstrings with single\n      quotes, escape sequences, raw string literals, and other\n      Python syntax.\n    - gh-127060: Set TERM environment variable to \u201cdumb\u201d to\n      disable traceback colors in IDLE, since IDLE doesn\u2019t\n      understand ANSI escape sequences. Patch by Victor Stinner.\n    - gh-126742: Fix support of localized error messages reported\n      by dlerror(3) and gdbm_strerror in ctypes and dbm.gnu\n      functions respectively. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-127873: When -E is set, only ignore PYTHON_COLORS\n      and not FORCE_COLOR/NO_COLOR/TERM when colourising\n      output. Patch by Hugo van Kemenade.\n    - gh-127870: Detect recursive calls in ctypes _as_parameter_\n      handling. Patch by Victor Stinner.\n    - gh-127847: Fix the position when doing interleaved seeks\n      and reads in uncompressed, unencrypted zip files returned\n      by zipfile.ZipFile.open().\n    - gh-127732: The platform module now correctly detects\n      Windows Server 2025.\n    - gh-126821: macOS and iOS apps can now choose to redirect\n      stdout and stderr to the system log during interpreter\n      configuration.\n    - gh-93312: Include \u003csys/pidfd.h\u003e to get os.PIDFD_NONBLOCK\n      constant. Patch by Victor Stinner.\n    - gh-83662: Add missing __class_getitem__ method to the\n      Python implementation of functools.partial(), to make it\n      compatible with the C version. This is mainly relevant for\n      alternative Python implementations like PyPy and GraalPy,\n      because CPython will usually use the C-implementation of\n      that function.\n    - gh-127586: multiprocessing.pool.Pool now properly restores\n      blocked signal handlers of the parent thread when creating\n      processes via either spawn or forkserver.\n    - gh-98188: Fix an issue in\n      email.message.Message.get_payload() where data cannot be\n      decoded if the Content Transfer Encoding mechanism contains\n      trailing whitespaces or additional junk text. Patch by Hui\n      Liu.\n    - gh-127257: In ssl, system call failures that OpenSSL\n      reports using ERR_LIB_SYS are now raised as OSError.\n    - gh-127096: Do not recreate unnamed section on every read in\n      configparser.ConfigParser. Patch by Andrey Efremov.\n    - gh-127196: Fix crash when dict with keys in invalid\n      encoding were passed to several functions in _interpreters\n      module.\n    - gh-126775: Make linecache.checkcache() thread safe and GC\n      re-entrancy safe.\n    - gh-126332: Fix _pyrepl crash when entering a double CTRL-Z\n      on an overflowing line.\n    - gh-126225: getopt and optparse are no longer marked as\n      deprecated. There are legitimate reasons to use one of\n      these modules in preference to argparse, and none of these\n      modules are at risk of being removed from the standard\n      library. Of the three, argparse remains the recommended\n      default choice, unless one of the concerns noted at the top\n      of the optparse module documentation applies.\n    - gh-125553: Fix round-trip invariance for backslash\n      continuations in tokenize.untokenize().\n    - gh-123987: Fixed issue in NamespaceReader where a non-path\n      item in a namespace path, such as a sentinel added by an\n      editable installer, would break resource loading.\n    - gh-123401: The http.cookies module now supports parsing\n      obsolete RFC 850 date formats, in accordance with RFC 9110\n      requirements. Patch by Nano Zheng.\n    - gh-122431: readline.append_history_file() now raises a\n      ValueError when given a negative value.\n    - gh-119257: Show tab completions menu below the current\n      line, which results in less janky behaviour, and fixes a\n      cursor movement bug. Patch by Daniel Hollas\n  - Documentation\n    - gh-125722: Require Sphinx 8.1.3 or later to build the\n      Python documentation. Patch by Adam Turner.\n    - gh-67206: Document that string.printable is not\n      printable in the POSIX sense. In particular,\n      string.printable.isprintable() returns False. Patch by\n      B\u00e9n\u00e9dikt Tran.\n  - Core and Builtins\n    - gh-129345: Fix null pointer dereference in syslog.openlog()\n      when an audit hook raises an exception.\n    - gh-129093: Fix f-strings such as f\u0027{expr=}\u0027 sometimes not\n      displaying the full expression when the expression contains\n      !=.\n    - gh-124363: Treat debug expressions in f-string as raw\n      strings. Patch by Pablo Galindo\n    - gh-128799: Add frame of except* to traceback when it wraps\n      a naked exception.\n    - gh-128078: Fix a SystemError when using anext() with a\n      default tuple value. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-128717: Fix a crash when setting the recursion limit\n      while other threads are active on the free threaded build.\n    - gh-128330: Restore terminal control characters on REPL\n      exit.\n    - gh-128079: Fix a bug where except* does not properly check\n      the return value of an ExceptionGroup\u2019s split() function,\n      leading to a crash in some cases. Now when split() returns\n      an invalid object, except* raises a TypeError with the\n      original raised ExceptionGroup object chained to it.\n    - gh-128030: Avoid error from calling\n      PyModule_GetFilenameObject on a non-module object when\n      importing a non-existent symbol from a non-module object.\n    - gh-127903: Objects/unicodeobject.c: fix a crash on DEBUG\n      builds in _copy_characters when there is nothing to copy.\n    - gh-127599: Fix statistics for increments of object\n      reference counts (in particular, when a reference count was\n      increased by more than 1 in a single operation).\n    - gh-127651: When raising ImportError for missing symbols\n      in from imports, use __file__ in the error message if\n      __spec__.origin is not a location\n    - gh-127582: Fix non-thread-safe object resurrection when\n      calling finalizers and watcher callbacks in the free\n      threading build.\n    - gh-127434: The iOS compiler shims can now accept arguments\n      with spaces.\n    - gh-127536: Add missing locks around some list assignment\n      operations in the free threading build.\n    - gh-126862: Fix a possible overflow when a class inherits\n      from an absurd number of super-classes. Reported by Valery\n      Fedorenko. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-127349: Fixed the error when resizing terminal in Python\n      REPL. Patch by Semyon Moroz.\n    - gh-126076: Relocated objects such as tuple, bytes and\n      str objects are properly tracked by tracemalloc and its\n      associated hooks. Patch by Pablo Galindo.\n  - C API\n    - gh-127791: Fix loss of callbacks after more than one call\n      to PyUnstable_AtExit().\n  - Build\n    - gh-129539: Don\u2019t redefine EX_OK when the system has the\n      sysexits.h header.\n    - gh-128472: Skip BOLT optimization of functions using\n      computed gotos, fixing errors on build with LLVM 19.\n    - gh-123925: Fix building the curses module on platforms with\n      libncurses but without libncursesw.\n    - gh-128321: Set LIBS instead of LDFLAGS when checking if\n      sqlite3 library functions are available. This fixes the\n      ordering of linked libraries during checks, which was\n      incorrect when using a statically linked libsqlite3.\n    - gh-127865: Fix build failure on systems without\n      thread-locals support.\n\n- Changes from version 3.13.1:\n  - Tools/Demos\n    - gh-126807: Fix extraction warnings in pygettext.py caused\n      by mistaking function definitions for function calls.\n    - gh-126167: The iOS testbed was modified so that it can be\n      used by third-party projects for testing purposes.\n  - Tests\n    - gh-126909: Fix test_os extended attribute tests to work on\n      filesystems with 1 KiB xattr size limit.\n    - gh-125041: Re-enable skipped tests for zlib on the\n      s390x architecture: only skip checks of the compressed\n      bytes, which can be different between zlib\u2019s software\n      implementation and the hardware-accelerated implementation.\n    - gh-124295: Add translation tests to the argparse module.\n  - Security\n    - gh-126623: Upgrade libexpat to 2.6.4\n    - gh-125140: Remove the current directory from sys.path when\n      using PyREPL.\n    - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to\n      consistently use the mapped IPv4 address value for deciding\n      properties. Properties which have their behavior fixed are\n      is_multicast, is_reserved, is_link_local, is_global, and\n      is_unspecified.\n  - Library\n    - gh-127321: pdb.set_trace() will not stop at an opcode that\n      does not have an associated line number anymore.\n    - gh-127303: Publicly expose EXACT_TOKEN_TYPES in\n      token.__all__.\n    - gh-123967: Fix faulthandler for trampoline frames. If the\n      top-most frame is a trampoline frame, skip it. Patch by\n      Victor Stinner.\n    - gh-127182: Fix io.StringIO.__setstate__() crash, when None\n      was passed as the first value.\n    - gh-127217: Fix urllib.request.pathname2url() for paths\n      starting with multiple slashes on Posix.\n    - gh-127035: Fix shutil.which on Windows. Now it looks at\n      direct match if and only if the command ends with a PATHEXT\n      extension or X_OK is not in mode. Support extensionless\n      files if \u201c.\u201d is in PATHEXT. Support PATHEXT extensions that\n      end with a dot.\n    - gh-122273: Support PyREPL history on Windows. Patch by\n      devdanzin and Victor Stinner.\n    - gh-127078: Fix issue where urllib.request.url2pathname()\n      failed to discard an extra slash before a UNC drive in the\n      URL path on Windows.\n    - gh-126766: Fix issue where urllib.request.url2pathname()\n      failed to discard any \u2018localhost\u2019 authority present in the\n      URL.\n    - gh-127065: Fix crash when calling a operator.methodcaller()\n      instance from multiple threads in the free threading build.\n    - gh-126997: Fix support of STRING and GLOBAL opcodes with\n      non-ASCII arguments in pickletools. pickletools.dis()\n      now outputs non-ASCII bytes in STRING, BINSTRING and\n      SHORT_BINSTRING arguments as escaped (\\xXX).\n    - gh-126316: grp: Make grp.getgrall() thread-safe by adding a\n      mutex. Patch by Victor Stinner.\n    - gh-126618: Fix the representation of itertools.count\n      objects when the count value is sys.maxsize.\n    - gh-85168: Fix issue where urllib.request.url2pathname() and\n      pathname2url() always used UTF-8 when quoting and unquoting\n      file URIs. They now use the filesystem encoding and error\n      handler.\n    - gh-67877: Fix memory leaks when regular expression matching\n      terminates abruptly, either because of a signal or because\n      memory allocation fails.\n    - gh-126789: Fixed the values of sysconfig.get_config_vars(),\n      sysconfig.get_paths(), and their siblings when the site\n      initialization happens after sysconfig has built a cache\n      for sysconfig.get_config_vars().\n    - gh-126188: Update bundled pip to 24.3.1\n    - gh-126780: Fix os.path.normpath() for drive-relative paths\n      on Windows.\n    - gh-126766: Fix issue where urllib.request.url2pathname()\n      failed to discard two leading slashes introducing an empty\n      authority section.\n    - gh-126727: locale.nl_langinfo(locale.ERA) now returns\n      multiple era description segments separated by\n      semicolons. Previously it only returned the first segment\n      on platforms with Glibc.\n    - gh-126699: Allow collections.abc.AsyncIterator to be a base\n      for Protocols.\n    - gh-126654: Fix crash when non-dict was passed to several\n      functions in _interpreters module.\n    - gh-104745: Limit starting a patcher (from\n      unittest.mock.patch() or unittest.mock.patch.object()) more\n      than once without stopping it\n    - gh-126595: Fix a crash when instantiating itertools.count\n      with an initial count of sys.maxsize on debug builds. Patch\n      by B\u00e9n\u00e9dikt Tran.\n    - gh-120423: Fix issue where urllib.request.pathname2url()\n      mishandled Windows paths with embedded forward slashes.\n    - gh-126565: Improve performances of zipfile.Path.open() for\n      non-reading modes.\n    - gh-126505: Fix bugs in compiling case-insensitive regular\n      expressions with character classes containing non-BMP\n      characters: upper-case non-BMP character did was ignored\n      and the ASCII flag was ignored when matching a character\n      range whose upper bound is beyond the BMP region.\n    - gh-117378: Fixed the multiprocessing \u0027forkserver\u0027\n      start method forkserver process to correctly inherit\n      the parent\u2019s sys.path during the importing of\n      multiprocessing.set_forkserver_preload() modules in the\n      same manner as sys.path is configured in workers before\n      executing work items.\n    - This bug caused some forkserver module preloading to\n      silently fail to preload. This manifested as a performance\n      degration in child processes when the sys.path was required\n      due to additional repeated work in every worker.\n    - It could also have a side effect of \u0027\u0027 remaining in\n      sys.path during forkserver preload imports instead of the\n      absolute path from os.getcwd() at multiprocessing import\n      time used in the worker sys.path.\n    - The sys.path differences between phases in the child\n      process could potentially have caused preload to import\n      incorrect things from the wrong location. We are unaware of\n      that actually having happened in practice.\n    - gh-125679: The multiprocessing.Lock and\n      multiprocessing.RLock repr values no longer say \u201cunknown\u201d\n      on macOS.\n    - gh-126476: Raise calendar.IllegalMonthError (now a subclass\n      of IndexError) for calendar.month() when the input month is\n      not correct.\n    - gh-126489: The Python implementation of pickle no longer\n      calls pickle.Pickler.persistent_id() for the result of\n      persistent_id().\n    - gh-126313: Fix an issue in curses.napms() when\n      curses.initscr() has not yet been called. Patch by B\u00e9n\u00e9dikt\n      Tran.\n    - gh-126303: Fix pickling and copying of os.sched_param\n      objects.\n    - gh-126138: Fix a use-after-free crash on asyncio.Task\n      objects whose underlying coroutine yields an object that\n      implements an evil __getattribute__(). Patch by Nico\n      Posada.\n    - gh-126220: Fix crash in cProfile.Profile and\n      _lsprof.Profiler when their callbacks were directly called\n      with 0 arguments.\n    - gh-126212: Fix issue where urllib.request.pathname2url()\n      and url2pathname() removed slashes from Windows DOS drive\n      paths and URLs.\n    - gh-126223: Raise a UnicodeEncodeError instead of a\n      SystemError upon calling _interpreters.create() with an\n      invalid Unicode character.\n    - gh-126205: Fix issue where urllib.request.pathname2url()\n      generated URLs beginning with four slashes (rather than\n      two) when given a Windows UNC path.\n    - gh-126105: Fix a crash in ast when the ast.AST._fields\n      attribute is deleted.\n    - gh-126106: Fixes a possible NULL pointer dereference in\n      ssl.\n    - gh-126080: Fix a use-after-free crash on asyncio.Task\n      objects for which the underlying event loop implements an\n      evil __getattribute__(). Reported by Nico-Posada. Patch by\n      B\u00e9n\u00e9dikt Tran.\n    - gh-126083: Fixed a reference leak in asyncio.Task objects\n      when reinitializing the same object with a non-None\n      context. Patch by Nico Posada.\n    - gh-125984: Fix use-after-free crashes on asyncio.Future\n      objects for which the underlying event loop implements an\n      evil __getattribute__(). Reported by Nico-Posada. Patch by\n      B\u00e9n\u00e9dikt Tran.\n    - gh-125969: Fix an out-of-bounds crash when an evil\n      asyncio.loop.call_soon() mutates the length of the internal\n      callbacks list. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-125966: Fix a use-after-free crash in\n      asyncio.Future.remove_done_callback(). Patch by B\u00e9n\u00e9dikt\n      Tran.\n    - gh-125789: Fix possible crash when mutating list of\n      callbacks returned by asyncio.Future._callbacks. It\n      now always returns a new copy in C implementation\n      _asyncio. Patch by Kumar Aditya.\n    - gh-124452: Fix an issue in\n      email.policy.EmailPolicy.header_source_parse() and\n      email.policy.Compat32.header_source_parse() that introduced\n      spurious leading whitespaces into header values when the\n      header includes a newline character after the header name\n      delimiter (:) and before the value.\n    - gh-125884: Fixed the bug for pdb where it can\u2019t set\n      breakpoints on functions with certain annotations.\n    - gh-125355: Fix several bugs in\n      argparse.ArgumentParser.parse_intermixed_args().\n        - The parser no longer changes temporarily during\n          parsing.\n        - Default values are not processed twice.\n        - Required mutually exclusive groups containing\n          positional arguments are now supported.\n        - The missing arguments report now includes the names of\n          all required optional and positional arguments.\n        - Unknown options can be intermixed with positional\n          arguments in parse_known_intermixed_args().\n    - gh-125666: Avoid the exiting the interpreter if a null byte\n      is given as input in the new REPL.\n    - gh-125710: [Enum] fix hashable\u003c-\u003enonhashable comparisons\n      for member values\n    - gh-125631: Restore ability to set persistent_id and\n      persistent_load attributes of instances of the Pickler and\n      Unpickler classes in the pickle module.\n    - gh-125378: Fixed the bug in pdb where after a multi-line\n      command, an empty line repeats the first line of the\n      multi-line command, instead of the full command.\n    - gh-125682: Reject non-ASCII digits in the Python\n      implementation of json.loads() conforming to the JSON\n      specification.\n    - gh-125660: Reject invalid unicode escapes for Python\n      implementation of json.loads().\n    - gh-125259: Fix the notes removal logic for errors thrown in\n      enum initialization.\n    - gh-125590: Allow FrameLocalsProxy to delete and pop if the\n      key is not a fast variable.\n    - gh-125519: Improve traceback if importlib.reload() is\n      called with an object that is not a module. Patch by Alex\n      Waygood.\n    - gh-125451: Fix deadlock when\n      concurrent.futures.ProcessPoolExecutor shuts down\n      concurrently with an error when feeding a job to a worker\n      process.\n    - gh-125422: Fixed the bug where pdb and bdb can step into\n      the bottom caller frame.\n    - gh-100141: Fixed the bug where pdb will be stuck in an\n      infinite loop when debugging an empty file.\n    - gh-125115: Fixed a bug in pdb where arguments starting with\n      - can\u2019t be passed to the debugged script.\n    - gh-53203: Fix time.strptime() for %c, %x and %X formats\n      in many locales that use non-ASCII digits, like Persian,\n      Burmese, Odia and Shan.\n    - gh-125398: Fix the conversion of the VIRTUAL_ENV path in\n      the activate script in venv when running in Git Bash for\n      Windows.\n    - gh-125316: Fix using functools.partial() as enum.Enum\n      member. A FutureWarning with suggestion to use\n      enum.member() is now emitted when the partial instance is\n      used as an enum member.\n    - gh-125245: Fix race condition when importing\n      collections.abc, which could incorrectly return an empty\n      module.\n    - gh-125243: Fix data race when creating zoneinfo.ZoneInfo\n      objects in the free threading build.\n    - gh-125254: Fix a bug where ArgumentError includes the\n      incorrect ambiguous option in argparse.\n    - gh-125235: Keep tkinter TCL paths in venv pointing to base\n      installation on Windows.\n    - gh-61011: Fix inheritance of nested mutually\n      exclusive groups from parent parser in\n      argparse.ArgumentParser. Previously, all nested mutually\n      exclusive groups lost their connection to the group\n      containing them and were displayed as belonging directly to\n      the parser.\n    - gh-52551: Fix encoding issues in time.strftime(), the\n      strftime() method of the datetime classes datetime, date\n      and time and formatting of these classes. Characters\n      not encodable in the current locale are now acceptable\n      in the format string. Surrogate pairs and sequence\n      of surrogatescape-encoded bytes are no longer\n      recombinated. Embedded null character no longer terminates\n      the format string.\n    - gh-125118: Don\u2019t copy arbitrary values to _Bool in the\n      struct module.\n    - gh-125069: Fix an issue where providing a pathlib.PurePath\n      object as an initializer argument to a second PurePath\n      object with a different parser resulted in arguments to\n      the former object\u2019s initializer being joined by the latter\n      object\u2019s parser.\n    - gh-125096: If the PYTHON_BASIC_REPL environment variable\n      is set, the site module no longer imports the _pyrepl\n      module. Moreover, the site module now respects -E and -I\n      command line options: ignore PYTHON_BASIC_REPL in this\n      case. Patch by Victor Stinner.\n    - gh-124969: Fix locale.nl_langinfo(locale.ALT_DIGITS) on\n      platforms with glibc. Now it returns a string consisting of\n      up to 100 semicolon-separated symbols (an empty string in\n      most locales) on all Posix platforms. Previously it only\n      returned the first symbol or an empty string.\n    - gh-124960: Fix support for the barry_as_FLUFL future flag\n      in the new REPL.\n    - gh-124984: Fixed thread safety in ssl in the free-threaded\n      build. OpenSSL operations are now protected by a per-object\n      lock.\n    - gh-124958: Fix refcycles in exceptions raised from\n      asyncio.TaskGroup and the python implementation of\n      asyncio.Future\n    - gh-53203: Fix time.strptime() for %c and %x formats in many\n      locales: Arabic, Bislama, Breton, Bodo, Kashubian, Chuvash,\n      Estonian, French, Irish, Ge\u2019ez, Gurajati, Manx Gaelic,\n      Hebrew, Hindi, Chhattisgarhi, Haitian Kreyol, Japanese,\n      Kannada, Korean, Marathi, Malay, Norwegian, Nynorsk,\n      Punjabi, Rajasthani, Tok Pisin, Yoruba, Yue Chinese,\n      Yau/Nungon and Chinese.\n    - gh-124917: Allow calling os.path.exists() and\n      os.path.lexists() with keyword arguments on Windows. Fixes\n      a regression in 3.13.0.\n    - gh-124653: Fix detection of the minimal Queue API needed by\n      the logging module. Patch by B\u00e9n\u00e9dikt Tran.\n    - gh-124858: Fix reference cycles left in tracebacks\n      in asyncio.open_connection() when used with\n      happy_eyeballs_delay\n    - gh-124390: Fixed AssertionError when using\n      asyncio.staggered.staggered_race() with\n      asyncio.eager_task_factory.\n    - gh-124651: Properly quote template strings in venv\n      activation scripts (bsc#1232241, CVE-2024-9287).\n    - gh-116850: Fix argparse for namespaces with not directly\n      writable dict (e.g. classes).\n    - gh-58573: Fix conflicts between abbreviated long options in\n      the parent parser and subparsers in argparse.\n    - gh-124594: All asyncio REPL prompts run in the same\n      context. Contributed by Bartosz S\u0142awecki.\n    - gh-61181: Fix support of choices with string value in\n      argparse. Substrings of the specified string no longer\n      considered valid values.\n    - gh-80259: Fix argparse support of positional arguments with\n      nargs=\u0027?\u0027, default=argparse.SUPPRESS and specified type.\n    - gh-120378: Fix a crash related to an integer overflow in\n      curses.resizeterm() and curses.resize_term().\n    - gh-123884: Fixed bug in itertools.tee() handling of other\n      tee inputs (a tee in a tee). The output now has the\n      promised n independent new iterators. Formerly, the first\n      iterator was identical (not independent) to the input\n      iterator. This would sometimes give surprising results.\n    - gh-58956: Fixed a bug in pdb where sometimes the breakpoint\n      won\u2019t trigger if it was set on a function which is already\n      in the call stack.\n    - gh-124345: argparse vim supports abbreviated single-dash\n      long options separated by = from its value.\n    - gh-104860: Fix disallowing abbreviation of single-dash long\n      options in argparse with allow_abbrev=False.\n    - gh-63143: Fix parsing mutually exclusive arguments in\n      argparse. Arguments with the value identical to the default\n      value (e.g. booleans, small integers, empty or 1-character\n      strings) are no longer considered \u201cnot present\u201d.\n    - gh-72795: Positional arguments with nargs equal to \u0027*\u0027 or\n      argparse.REMAINDER are no longer required. This allows to\n      use positional argument with nargs=\u0027*\u0027 and without default\n      in mutually exclusive group and improves error message\n      about required arguments.\n    - gh-59317: Fix parsing positional argument with nargs equal\n      to \u0027?\u0027 or \u0027*\u0027 if it is preceded by an option and another\n      positional argument.\n    - gh-53780: argparse now ignores the first \u0027--\u0027 (double dash)\n      between an option and command.\n    - gh-124217: Add RFC 9637 reserved IPv6 block 3fff::/20 in\n      ipaddress module.\n    - gh-81691: Fix handling of multiple \u0027--\u0027 (double dashes)\n      in argparse. Only the first one has now been removed, all\n      subsequent ones are now taken literally.\n    - gh-123978: Remove broken time.thread_time() and\n      time.thread_time_ns() on NetBSD.\n    - gh-124008: Fix possible crash (in debug build), incorrect\n      output or returning incorrect value from raw binary write()\n      when writing to console on Windows.\n    - gh-123935: Fix parent slots detection for dataclasses that\n      inherit from classes with __dictoffset__.\n    - gh-122765: Fix unbalanced quote errors occurring when\n      activate.csh in venv was sourced with a custom prompt\n      containing unpaired quotes or newlines.\n    - gh-123370: Fix the canvas not clearing after running\n      turtledemo clock.\n    - gh-116810: Resolve a memory leak introduced in CPython\n      3.10\u2019s ssl when the ssl.SSLSocket.session property was\n      accessed. Speeds up read and write access to said property\n      by no longer unnecessarily cloning session objects via\n      serialization.\n    - gh-120754: Update unbounded read calls in zipfile to\n      specify an explicit size putting a limit on how much data\n      they may read. This also updates handling around ZIP max\n      comment size to match the standard instead of reading\n      comments that are one byte too long.\n    - gh-70764: Fixed an issue where inspect.getclosurevars()\n      would incorrectly classify an attribute name as a global\n      variable when the name exists both as an attribute name and\n      a global variable.\n    - gh-118289: posixpath.realpath() now raises\n      NotADirectoryError when strict mode is enabled and a\n      non-directory path with a trailing slash is supplied.\n    - gh-119826: Always return an absolute path for\n      os.path.abspath() on Windows.\n    - gh-117766: Always use str() to print choices in argparse.\n    - gh-101955: Fix SystemError when match regular expression\n      pattern containing some combination of possessive\n      quantifier, alternative and capture group.\n    - gh-88110: Fixed multiprocessing.Process reporting a\n      .exitcode of 1 even on success when using the \u0027fork\u0027 start\n      method while using a concurrent.futures.ThreadPoolExecutor.\n    - gh-71936: Fix a race condition in\n      multiprocessing.pool.Pool.\n    - bpo-46128: Strip unittest.IsolatedAsyncioTestCase stack\n      frames from reported stacktraces.\n    - bpo-14074: Fix argparse metavar processing to allow\n      positional arguments to have a tuple metavar.\n  - IDLE\n    - gh-122392: Increase currently inadequate vertical spacing\n      for the IDLE browsers (path, module, and stack) on\n      high-resolution monitors.\n  - Documentation\n    - gh-126622: Added stub pages for removed modules explaining\n      their removal, where to find replacements, and linking to\n      the last Python version that supported them. Contributed by\n      Ned Batchelder.\n    - gh-125277: Require Sphinx 7.2.6 or later to build the\n      Python documentation. Patch by Adam Turner.\n    - gh-124872: Added definitions for context, current\n      context, and context management protocol, updated\n      related definitions to be consistent, and expanded the\n      documentation for contextvars.Context.\n    - gh-125018: The importlib.metadata documentation now\n      includes semantic cross-reference targets for the\n      significant documented APIs. This means intersphinx\n      references like importlib.metadata.version() will now work\n      as expected.\n    - gh-70870: Clarified the dual usage of the term \u201cfree\n      variable\u201d (both the formal meaning of any reference\n      to names defined outside the local scope, and the\n      narrower pragmatic meaning of nonlocal variables named in\n      co_freevars).\n    - gh-121277: Writers of CPython\u2019s documentation can now use\n      next as the version for the versionchanged, versionadded,\n      deprecated directives.\n    - gh-60712: Include the object type in the lists of\n      documented types. Change by Furkan Onder and Martin Panter.\n    - bpo-34008: The Py_Main() documentation moved from the\n      \u201cVery High Level API\u201d section to the \u201cInitialization and\n      Finalization\u201d section.\n    - Also make it explicit that we expect Py_Main to\n      typically be called instead of Py_Initialize rather\n      than after it (since Py_Main makes its own call to\n      Py_Initialize). Document that calling both is supported\n      but is version dependent on which settings will be applied\n      correctly.\n  - Core and Builtins\n    - gh-113841: Fix possible undefined behavior division by zero\n      in complex\u2019s _Py_c_pow().\n    - gh-127020: Fix a crash in the free threading build\n      when PyCode_GetCode(), PyCode_GetVarnames(),\n      PyCode_GetCellvars(), or PyCode_GetFreevars() were called\n      from multiple threads at the same time.\n    - gh-126980: Fix __buffer__() of bytearray crashing when READ\n      or WRITE are passed as flags.\n    - gh-126881: Fix crash in finalization of dtoa state. Patch\n      by Kumar Aditya.\n    - gh-126341: Now ValueError is raised instead of SystemError\n      when trying to iterate over a released memoryview object.\n    - gh-126688: Fix a crash when calling os.fork() on some\n      operating systems, including SerenityOS.\n    - gh-126066: Fix importlib to not write an incomplete\n      .pyc files when a ulimit or some other operating system\n      mechanism is preventing the write to go through fully.\n    - gh-126312: Fix crash during garbage collection on an object\n      frozen by gc.freeze() on the free-threaded build.\n    - gh-126139: Provide better error location when attempting to\n      use a future statement with an unknown future feature.\n    - gh-126018: Fix a crash in sys.audit() when passing a\n      non-string as first argument and Python was compiled in\n      debug mode.\n    - gh-125942: On Android, the errors setting of sys.stdout was\n      changed from surrogateescape to backslashreplace.\n    - gh-125859: Fix a crash in the free threading build when\n      gc.get_objects() or gc.get_referrers() is called during an\n      in-progress garbage collection.\n    - gh-125703: Correctly honour tracemalloc hooks in\n      specialized Py_DECREF paths. Patch by Pablo Galindo\n    - gh-125593: Use color to highlight error locations in\n      traceback from exception group\n    - gh-125444: Fix illegal instruction for older Arm\n      architectures. Patch by Diego Russo, testing by Ross\n      Burton.\n    - gh-124375: Fix a crash in the free threading build when the\n      GC runs concurrently with a new thread starting.\n    - gh-125221: Fix possible race condition when calling\n      __reduce_ex__() for the first time in the free threading\n      build.\n    - gh-125038: Fix crash when iterating over a generator\n      expression after direct changes on gi_frame.f_locals. Patch\n      by Mikhail Efimov.\n    - gh-123378: Fix a crash in the __str__() method of\n      UnicodeError objects when the UnicodeError.start and\n      UnicodeError.end values are invalid or out-of-range. Patch\n      by B\u00e9n\u00e9dikt Tran.\n    - gh-116510: Fix a crash caused by immortal interned strings\n      being shared between sub-interpreters that use basic\n      single-phase init. In that case, the string can be used\n      by an interpreter that outlives the interpreter that\n      created and interned it. For interpreters that share\n      obmalloc state, also share the interned dict with the main\n      interpreter.\n    - gh-122878: Use the pager binary, if available (e.g. on\n      Debian and derivatives), to display REPL help().\n    - gh-124188: Fix reading and decoding a line from the source\n      file witn non-UTF-8 encoding for syntax errors raised in\n      the compiler.\n    - gh-123930: Improve the error message when a script\n      shadowing a module from the standard library causes\n      ImportError to be raised during a \u201cfrom\u201d import. Similarly,\n      improve the error message when a script shadowing a third\n      party module attempts to \u201cfrom\u201d import an attribute from\n      that third party module while still initialising.\n    - gh-122907: Building with HAVE_DYNAMIC_LOADING\n      now works as well as it did in 3.12. Existing\n      deficiences will be addressed separately. (See\n      https://github.com/python/cpython/issues/122950.)\n    - gh-118950: Fix bug where SSLProtocol.connection_lost wasn\u2019t\n      getting called when OSError was thrown on writing to\n      socket.\n    - gh-113570: Fixed a bug in reprlib.repr where it incorrectly\n      called the repr method on shadowed Python built-in types.\n    - gh-109746: If _thread.start_new_thread() fails to start a\n      new thread, it deletes its state from interpreter and thus\n      avoids its repeated cleanup on finalization.\n  - C API\n    - gh-126554: Fix error handling in ctypes.CDLL objects which\n      could result in a crash in rare situations.\n    - gh-125608: Fix a bug where dictionary watchers\n      (e.g., PyDict_Watch()) on an object\u2019s attribute dictionary\n      (__dict__) were not triggered when the object\u2019s attributes\n      were modified.\n    - bpo-34008: Added Py_IsInitialized to the list of APIs that\n      are safe to call before the interpreter is initialized, and\n      updated the embedding tests to cover it.\n  - Build\n    - gh-123877: Set wasm32-wasip1 as the WASI target. The old\n      wasm32-wasi target is deprecated so it can be used for an\n      eventual WASI 1.0.\n    - gh-89640: Hard-code float word ordering as little endian on\n      WASM.\n    - gh-125940: The Android build now supports 16 KB page sizes.\n    - gh-89640: Improve detection of float word ordering on Linux\n      when link-time optimizations are enabled.\n    - gh-125269: Fix detection of whether -latomic is needed when\n      cross-compiling CPython using the configure script.\n    - gh-121634: Allow for specifying the target compile triple\n      for WASI.\n    - gh-122578: Use WASI SDK 24 for testing.\n    - gh-115382: Fix cross compile failures when the host and\n      target SOABIs match.\n\n- Skip PGO with %want_reproducible_builds (bsc#1239210).\n- Configure externally_managed with a bcond https://en.opensuse.org/openSUSE:Python:Externally_managed (bsc#1228165).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-2074,SUSE-SLE-Module-Python3-15-SP7-2025-2074",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02074-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:02074-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502074-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:02074-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040440.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228165",
        "url": "https://bugzilla.suse.com/1228165"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1232241",
        "url": "https://bugzilla.suse.com/1232241"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1234290",
        "url": "https://bugzilla.suse.com/1234290"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236705",
        "url": "https://bugzilla.suse.com/1236705"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1238450",
        "url": "https://bugzilla.suse.com/1238450"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1239210",
        "url": "https://bugzilla.suse.com/1239210"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243273",
        "url": "https://bugzilla.suse.com/1243273"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1244032",
        "url": "https://bugzilla.suse.com/1244032"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1244056",
        "url": "https://bugzilla.suse.com/1244056"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1244059",
        "url": "https://bugzilla.suse.com/1244059"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1244060",
        "url": "https://bugzilla.suse.com/1244060"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-12254 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-12254/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-12718 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-12718/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-9287 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-9287/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-0938 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-0938/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1795 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1795/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-4138 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-4138/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-4330 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-4330/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-4516 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-4516/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-4517 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-4517/"
      }
    ],
    "title": "Security update for python313",
    "tracking": {
      "current_release_date": "2025-06-24T07:26:36Z",
      "generator": {
        "date": "2025-06-24T07:26:36Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:02074-1",
      "initial_release_date": "2025-06-24T07:26:36Z",
      "revision_history": [
        {
          "date": "2025-06-24T07:26:36Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "python313-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "python313-3.13.5-150700.4.11.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-base-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "python313-base-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "python313-base-3.13.5-150700.4.11.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-curses-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "python313-curses-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "python313-curses-3.13.5-150700.4.11.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-dbm-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "python313-dbm-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "python313-dbm-3.13.5-150700.4.11.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-devel-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "python313-devel-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "python313-devel-3.13.5-150700.4.11.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-doc-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "python313-doc-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "python313-doc-3.13.5-150700.4.11.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-doc-devhelp-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "python313-doc-devhelp-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "python313-doc-devhelp-3.13.5-150700.4.11.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-idle-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "python313-idle-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "python313-idle-3.13.5-150700.4.11.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-testsuite-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "python313-testsuite-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "python313-testsuite-3.13.5-150700.4.11.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-tk-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "python313-tk-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "python313-tk-3.13.5-150700.4.11.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-tools-3.13.5-150700.4.11.1.aarch64",
                "product": {
                  "name": "python313-tools-3.13.5-150700.4.11.1.aarch64",
                  "product_id": "python313-tools-3.13.5-150700.4.11.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython3_13-1_0-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
                "product": {
                  "name": "libpython3_13-1_0-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
                  "product_id": "libpython3_13-1_0-64bit-3.13.5-150700.4.11.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "python313-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
                "product": {
                  "name": "python313-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
                  "product_id": "python313-64bit-3.13.5-150700.4.11.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "python313-base-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
                "product": {
                  "name": "python313-base-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
                  "product_id": "python313-base-64bit-3.13.5-150700.4.11.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.i586",
                  "product_id": "libpython3_13-1_0-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpython3_13t1_0-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "libpython3_13t1_0-3.13.5-150700.4.11.1.i586",
                  "product_id": "libpython3_13t1_0-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-base-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-base-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-base-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-curses-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-curses-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-curses-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-dbm-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-dbm-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-dbm-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-devel-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-devel-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-devel-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-doc-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-doc-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-doc-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-doc-devhelp-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-doc-devhelp-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-doc-devhelp-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-idle-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-idle-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-idle-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-nogil-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-nogil-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-base-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-nogil-base-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-nogil-base-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-curses-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-nogil-curses-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-nogil-curses-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-dbm-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-nogil-dbm-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-nogil-dbm-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-devel-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-nogil-devel-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-nogil-devel-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-idle-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-nogil-idle-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-nogil-idle-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-nogil-testsuite-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-tk-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-nogil-tk-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-nogil-tk-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-tools-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-nogil-tools-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-nogil-tools-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-testsuite-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-testsuite-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-testsuite-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-tk-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-tk-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-tk-3.13.5-150700.4.11.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python313-tools-3.13.5-150700.4.11.1.i586",
                "product": {
                  "name": "python313-tools-3.13.5-150700.4.11.1.i586",
                  "product_id": "python313-tools-3.13.5-150700.4.11.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libpython3_13t1_0-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "libpython3_13t1_0-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "libpython3_13t1_0-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-base-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-base-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-base-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-curses-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-curses-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-curses-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-dbm-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-dbm-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-dbm-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-devel-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-devel-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-devel-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-doc-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-doc-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-doc-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-doc-devhelp-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-doc-devhelp-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-doc-devhelp-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-idle-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-idle-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-idle-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-nogil-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-nogil-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-base-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-nogil-base-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-nogil-base-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-curses-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-nogil-curses-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-nogil-curses-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-dbm-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-nogil-dbm-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-nogil-dbm-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-devel-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-nogil-devel-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-nogil-devel-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-idle-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-nogil-idle-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-nogil-idle-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-nogil-testsuite-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-tk-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-nogil-tk-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-nogil-tk-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-tools-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-nogil-tools-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-nogil-tools-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-testsuite-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-testsuite-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-testsuite-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-tk-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-tk-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-tk-3.13.5-150700.4.11.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-tools-3.13.5-150700.4.11.1.ppc64le",
                "product": {
                  "name": "python313-tools-3.13.5-150700.4.11.1.ppc64le",
                  "product_id": "python313-tools-3.13.5-150700.4.11.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
                  "product_id": "libpython3_13-1_0-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpython3_13t1_0-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "libpython3_13t1_0-3.13.5-150700.4.11.1.s390x",
                  "product_id": "libpython3_13t1_0-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-base-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-base-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-base-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-curses-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-curses-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-curses-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-dbm-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-dbm-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-dbm-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-devel-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-devel-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-devel-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-doc-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-doc-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-doc-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-doc-devhelp-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-doc-devhelp-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-doc-devhelp-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-idle-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-idle-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-idle-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-nogil-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-nogil-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-base-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-nogil-base-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-nogil-base-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-curses-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-nogil-curses-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-nogil-curses-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-dbm-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-nogil-dbm-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-nogil-dbm-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-devel-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-nogil-devel-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-nogil-devel-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-idle-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-nogil-idle-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-nogil-idle-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-nogil-testsuite-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-tk-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-nogil-tk-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-nogil-tk-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-tools-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-nogil-tools-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-nogil-tools-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-testsuite-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-testsuite-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-testsuite-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-tk-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-tk-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-tk-3.13.5-150700.4.11.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-tools-3.13.5-150700.4.11.1.s390x",
                "product": {
                  "name": "python313-tools-3.13.5-150700.4.11.1.s390x",
                  "product_id": "python313-tools-3.13.5-150700.4.11.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpython3_13-1_0-32bit-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "libpython3_13-1_0-32bit-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "libpython3_13-1_0-32bit-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpython3_13t1_0-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "libpython3_13t1_0-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "libpython3_13t1_0-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-32bit-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-32bit-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-32bit-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-base-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-base-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-base-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-base-32bit-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-base-32bit-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-base-32bit-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-curses-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-curses-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-curses-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-dbm-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-dbm-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-dbm-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-devel-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-devel-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-devel-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-doc-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-doc-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-doc-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-doc-devhelp-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-doc-devhelp-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-doc-devhelp-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-idle-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-idle-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-idle-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-nogil-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-nogil-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-base-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-nogil-base-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-nogil-base-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-curses-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-nogil-curses-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-nogil-curses-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-dbm-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-nogil-dbm-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-nogil-dbm-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-devel-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-nogil-devel-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-nogil-devel-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-idle-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-nogil-idle-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-nogil-idle-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-nogil-testsuite-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-tk-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-nogil-tk-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-nogil-tk-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-nogil-tools-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-nogil-tools-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-nogil-tools-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-testsuite-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-testsuite-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-testsuite-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-tk-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-tk-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-tk-3.13.5-150700.4.11.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-tools-3.13.5-150700.4.11.1.x86_64",
                "product": {
                  "name": "python313-tools-3.13.5-150700.4.11.1.x86_64",
                  "product_id": "python313-tools-3.13.5-150700.4.11.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-python3:15:sp7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64"
        },
        "product_reference": "libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le"
        },
        "product_reference": "libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x"
        },
        "product_reference": "libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64"
        },
        "product_reference": "libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64"
        },
        "product_reference": "python313-3.13.5-150700.4.11.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le"
        },
        "product_reference": "python313-3.13.5-150700.4.11.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x"
        },
        "product_reference": "python313-3.13.5-150700.4.11.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64"
        },
        "product_reference": "python313-3.13.5-150700.4.11.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-base-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64"
        },
        "product_reference": "python313-base-3.13.5-150700.4.11.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-base-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le"
        },
        "product_reference": "python313-base-3.13.5-150700.4.11.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-base-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x"
        },
        "product_reference": "python313-base-3.13.5-150700.4.11.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-base-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64"
        },
        "product_reference": "python313-base-3.13.5-150700.4.11.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-curses-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64"
        },
        "product_reference": "python313-curses-3.13.5-150700.4.11.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-curses-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le"
        },
        "product_reference": "python313-curses-3.13.5-150700.4.11.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-curses-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x"
        },
        "product_reference": "python313-curses-3.13.5-150700.4.11.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-curses-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64"
        },
        "product_reference": "python313-curses-3.13.5-150700.4.11.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-dbm-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64"
        },
        "product_reference": "python313-dbm-3.13.5-150700.4.11.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-dbm-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le"
        },
        "product_reference": "python313-dbm-3.13.5-150700.4.11.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-dbm-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x"
        },
        "product_reference": "python313-dbm-3.13.5-150700.4.11.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-dbm-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64"
        },
        "product_reference": "python313-dbm-3.13.5-150700.4.11.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-devel-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64"
        },
        "product_reference": "python313-devel-3.13.5-150700.4.11.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-devel-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le"
        },
        "product_reference": "python313-devel-3.13.5-150700.4.11.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-devel-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x"
        },
        "product_reference": "python313-devel-3.13.5-150700.4.11.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-devel-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64"
        },
        "product_reference": "python313-devel-3.13.5-150700.4.11.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-idle-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64"
        },
        "product_reference": "python313-idle-3.13.5-150700.4.11.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-idle-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le"
        },
        "product_reference": "python313-idle-3.13.5-150700.4.11.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-idle-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x"
        },
        "product_reference": "python313-idle-3.13.5-150700.4.11.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-idle-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64"
        },
        "product_reference": "python313-idle-3.13.5-150700.4.11.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-tk-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64"
        },
        "product_reference": "python313-tk-3.13.5-150700.4.11.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-tk-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le"
        },
        "product_reference": "python313-tk-3.13.5-150700.4.11.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-tk-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x"
        },
        "product_reference": "python313-tk-3.13.5-150700.4.11.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-tk-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64"
        },
        "product_reference": "python313-tk-3.13.5-150700.4.11.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-tools-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64"
        },
        "product_reference": "python313-tools-3.13.5-150700.4.11.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-tools-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le"
        },
        "product_reference": "python313-tools-3.13.5-150700.4.11.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-tools-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x"
        },
        "product_reference": "python313-tools-3.13.5-150700.4.11.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-tools-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
        },
        "product_reference": "python313-tools-3.13.5-150700.4.11.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12254",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-12254"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.\n\n\n\n\n\nThis\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-12254",
          "url": "https://www.suse.com/security/cve/CVE-2024-12254"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234290 for CVE-2024-12254",
          "url": "https://bugzilla.suse.com/1234290"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-24T07:26:36Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-12254"
    },
    {
      "cve": "CVE-2024-12718",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-12718"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Allows modifying some file metadata (e.g. last modified) with filter=\"data\"  or file permissions (chmod) with filter=\"tar\"  of files outside the extraction directory.\nYou are affected by this vulnerability if using the tarfile  module to extract untrusted tar archives using TarFile.extractall()  or TarFile.extract()  using the filter=  parameter with a value of \"data\"  or \"tar\". See the tarfile  extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter   for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don\u0027t include the extraction filter feature.\n\nNote that for Python 3.14 or later the default value of filter=  changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-12718",
          "url": "https://www.suse.com/security/cve/CVE-2024-12718"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244056 for CVE-2024-12718",
          "url": "https://bugzilla.suse.com/1244056"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-24T07:26:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-12718"
    },
    {
      "cve": "CVE-2024-9287",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-9287"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-9287",
          "url": "https://www.suse.com/security/cve/CVE-2024-9287"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1232241 for CVE-2024-9287",
          "url": "https://bugzilla.suse.com/1232241"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-24T07:26:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-9287"
    },
    {
      "cve": "CVE-2025-0938",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-0938"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-0938",
          "url": "https://www.suse.com/security/cve/CVE-2025-0938"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236705 for CVE-2025-0938",
          "url": "https://bugzilla.suse.com/1236705"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-24T07:26:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-0938"
    },
    {
      "cve": "CVE-2025-1795",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1795"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1795",
          "url": "https://www.suse.com/security/cve/CVE-2025-1795"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1238450 for CVE-2025-1795",
          "url": "https://bugzilla.suse.com/1238450"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-24T07:26:36Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-1795"
    },
    {
      "cve": "CVE-2025-4138",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-4138"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile  module to extract untrusted tar archives using TarFile.extractall()  or TarFile.extract()  using the filter=  parameter with a value of \"data\"  or \"tar\". See the tarfile  extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter   for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don\u0027t include the extraction filter feature.\n\nNote that for Python 3.14 or later the default value of filter=  changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-4138",
          "url": "https://www.suse.com/security/cve/CVE-2025-4138"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244059 for CVE-2025-4138",
          "url": "https://bugzilla.suse.com/1244059"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-24T07:26:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-4138"
    },
    {
      "cve": "CVE-2025-4330",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-4330"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile  module to extract untrusted tar archives using TarFile.extractall()  or TarFile.extract()  using the filter=  parameter with a value of \"data\"  or \"tar\". See the tarfile  extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter   for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don\u0027t include the extraction filter feature.\n\nNote that for Python 3.14 or later the default value of filter=  changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-4330",
          "url": "https://www.suse.com/security/cve/CVE-2025-4330"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244060 for CVE-2025-4330",
          "url": "https://bugzilla.suse.com/1244060"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-24T07:26:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-4330"
    },
    {
      "cve": "CVE-2025-4516",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-4516"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-4516",
          "url": "https://www.suse.com/security/cve/CVE-2025-4516"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243273 for CVE-2025-4516",
          "url": "https://bugzilla.suse.com/1243273"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-24T07:26:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-4516"
    },
    {
      "cve": "CVE-2025-4517",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-4517"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=\"data\".\n\n\nYou are affected by this vulnerability if using the tarfile  module to extract untrusted tar archives using TarFile.extractall()  or TarFile.extract()  using the filter=  parameter with a value of \"data\"  or \"tar\". See the tarfile  extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter   for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don\u0027t include the extraction filter feature.\n\nNote that for Python 3.14 or later the default value of filter=  changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
          "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-4517",
          "url": "https://www.suse.com/security/cve/CVE-2025-4517"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244032 for CVE-2025-4517",
          "url": "https://bugzilla.suse.com/1244032"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
            "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-24T07:26:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-4517"
    }
  ]
}

CVE-2024-12254 (GCVE-0-2024-12254)

Vulnerability from cvelistv5

Published

2024-12-06 15:19

Modified

2025-04-04 23:03

Severity ?

8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-400 - Uncontrolled Resource Consumption
CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.

References

►

URL

Tags

	https://github.com/python/cpython/issues/127655	issue-tracking
	https://github.com/python/cpython/pull/127656	patch
	https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/	vendor-advisory
	https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82	patch
	https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5	patch
	https://github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Version: 3.12.0 Version: 3.13.0 Version: 3.14.0a1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpython",
            "vendor": "python_software_foundation",
            "versions": [
              {
                "lessThan": "3.14.0a1",
                "status": "affected",
                "version": "3.12.0",
                "versionType": "python"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-12254",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T15:35:11.234951Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T16:54:28.955Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-04T23:03:00.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/12/06/1"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250404-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "asyncio"
          ],
          "platforms": [
            "MacOS",
            "Linux"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.12.9",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.2",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.0a3",
              "status": "affected",
              "version": "3.14.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "J. Nick Koston"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Seth Larson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eStarting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected.\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.\n\n\n\n\n\nThis\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T20:38:34.082Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/127655"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/127656"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unbounded memory buffering in SelectorSocketTransport.writelines()",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2024-12254",
    "datePublished": "2024-12-06T15:19:41.576Z",
    "dateReserved": "2024-12-05T16:17:55.154Z",
    "dateUpdated": "2025-04-04T23:03:00.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0938 (GCVE-0-2025-0938)

Vulnerability from cvelistv5

Published

2025-01-31 17:51

Modified

2025-04-25 17:35

Severity ?

6.3 (Medium) - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

CWE

CWE-20 - Improper Input Validation

Summary

The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.

References

►

URL

Tags

	https://github.com/python/cpython/issues/105704	issue-tracking
	https://github.com/python/cpython/pull/129418	patch
	https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/	vendor-advisory
	https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a	patch
	https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403	patch
	https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568	patch
	https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba	patch
	https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab	patch
	https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Version: 0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0 Version: 3.14.0a1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0938",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-31T18:50:16.654297Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-31T18:50:29.327Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-14T10:03:07.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250314-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.22",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.17",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.12",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.9",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.2",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.0a5",
              "status": "affected",
              "version": "3.14.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.\u003cbr\u003e"
            }
          ],
          "value": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-25T17:35:52.426Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/105704"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/129418"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "URL parser allowed square brackets in domain names",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-0938",
    "datePublished": "2025-01-31T17:51:35.898Z",
    "dateReserved": "2025-01-31T17:45:10.107Z",
    "dateUpdated": "2025-04-25T17:35:52.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1795 (GCVE-0-2025-1795)

Vulnerability from cvelistv5

Published

2025-02-28 18:59

Modified

2025-02-28 20:32

Severity ?

2.3 (Low) - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Summary

During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.

References

►

URL

Tags

	https://github.com/python/cpython/issues/100884	issue-tracking
	https://github.com/python/cpython/pull/100885	patch
	https://github.com/python/cpython/pull/119099	patch
	https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48	patch
	https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593	patch
	https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74	patch
	https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/	vendor-advisory

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Version: 0 Version: 3.12.0 Version: 3.13.0a1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T20:30:47.670593Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-116",
                "description": "CWE-116 Improper Encoding or Escaping of Output",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T20:32:56.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "email"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.11.9",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.3",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.0a5",
              "status": "affected",
              "version": "3.13.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers."
            }
          ],
          "value": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-28T19:16:32.270Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/100884"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/100885"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/119099"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Mishandling of comma during folding and unicode-encoding of email headers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-1795",
    "datePublished": "2025-02-28T18:59:31.784Z",
    "dateReserved": "2025-02-28T18:49:37.957Z",
    "dateUpdated": "2025-02-28T20:32:56.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4138 (GCVE-0-2025-4138)

Vulnerability from cvelistv5

Published

2025-06-03 12:59

Modified

2025-07-07 17:36

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

References

►

URL

Tags

	https://github.com/python/cpython/issues/135034	issue-tracking
	https://github.com/python/cpython/pull/135037	patch
	https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/	vendor-advisory
	https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a	patch
	https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a	patch
	https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f	mitigation
	https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da	patch
	https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01	patch
	https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9	patch
	https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e	patch
	https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a	patch
	https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Version: 0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0 Version: 3.14.0a1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T13:29:22.889454Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T13:29:36.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "tarfile"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.23",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.18",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.13",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.11",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.4",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.0b3",
              "status": "affected",
              "version": "3.14.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Caleb Brown (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Petr Viktorin"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Serhiy Storchaka"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Hugo van Kemenade"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "\u0141ukasz Langa"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Thomas Wouters"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Seth Larson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eNote that for Python 3.14 or later the default value of \u003c/span\u003e\u003ccode\u003efilter=\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile  extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-07T17:36:01.739Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/135034"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/135037"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
        },
        {
          "tags": [
            "mitigation"
          ],
          "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-4138",
    "datePublished": "2025-06-03T12:59:02.717Z",
    "dateReserved": "2025-04-30T13:35:55.675Z",
    "dateUpdated": "2025-07-07T17:36:01.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4330 (GCVE-0-2025-4330)

Vulnerability from cvelistv5

Published

2025-06-03 12:58

Modified

2025-07-07 17:36

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

References

►

URL

Tags

	https://github.com/python/cpython/issues/135034	issue-tracking
	https://github.com/python/cpython/pull/135037	patch
	https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/	vendor-advisory
	https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a	patch
	https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a	patch
	https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f	mitigation
	https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da	patch
	https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01	patch
	https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9	patch
	https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e	patch
	https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a	patch
	https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Version: 0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0 Version: 3.14.0a1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T13:27:07.778910Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T13:24:45.824Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "tarfile"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.23",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.18",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.13",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.11",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.4",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.0b3",
              "status": "affected",
              "version": "3.14.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Caleb Brown (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Petr Viktorin"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Serhiy Storchaka"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Hugo van Kemenade"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "\u0141ukasz Langa"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Thomas Wouters"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Seth Larson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\u003cp\u003eNote that for Python 3.14 or later the default value of \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile  extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-07T17:36:07.725Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/135034"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/135037"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
        },
        {
          "tags": [
            "mitigation"
          ],
          "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Extraction filter bypass for linking outside extraction directory",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-4330",
    "datePublished": "2025-06-03T12:58:57.452Z",
    "dateReserved": "2025-05-05T15:05:14.302Z",
    "dateUpdated": "2025-07-07T17:36:07.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4517 (GCVE-0-2025-4517)

Vulnerability from cvelistv5

Published

2025-06-03 12:58

Modified

2025-07-07 17:36

Severity ?

9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

References

►

URL

Tags

	https://github.com/python/cpython/issues/135034	issue-tracking
	https://github.com/python/cpython/pull/135037	patch
	https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/	vendor-advisory
	https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a	patch
	https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a	patch
	https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f	mitigation
	https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da	patch
	https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01	patch
	https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9	patch
	https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e	patch
	https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a	patch
	https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Version: 0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0 Version: 3.14.0a1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4517",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T13:28:11.482037Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T13:25:08.659Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "tarfile"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.23",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.18",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.13",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.11",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.4",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.0b3",
              "status": "affected",
              "version": "3.14.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Caleb Brown (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Petr Viktorin"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Serhiy Storchaka"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Hugo van Kemenade"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "\u0141ukasz Langa"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Thomas Wouters"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Seth Larson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows arbitrary filesystem writes outside the extraction directory during extraction with \u003c/span\u003e\u003ccode\u003efilter=\"data\"\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\u003cp\u003eNote that for Python 3.14 or later the default value of \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=\"data\".\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile  extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-07T17:36:26.194Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/135034"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/135037"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
        },
        {
          "tags": [
            "mitigation"
          ],
          "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Arbitrary writes via tarfile realpath overflow",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-4517",
    "datePublished": "2025-06-03T12:58:50.352Z",
    "dateReserved": "2025-05-09T15:05:07.139Z",
    "dateUpdated": "2025-07-07T17:36:26.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12718 (GCVE-0-2024-12718)

Vulnerability from cvelistv5

Published

2025-06-03 12:59

Modified

2025-07-07 17:34

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

References

►

URL

Tags

	https://github.com/python/cpython/issues/135034	issue-tracking
	https://github.com/python/cpython/pull/135037	patch
	https://github.com/python/cpython/issues/127987	issue-tracking
	https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/	vendor-advisory
	https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a	patch
	https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a	patch
	https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f	mitigation
	https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da	patch
	https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9	patch
	https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e	patch
	https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a	patch
	https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01	patch
	https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Version: 0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0 Version: 3.14.0a1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12718",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T14:35:24.917277Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T14:35:36.317Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.23",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.18",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.13",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.11",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.4",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.0b3",
              "status": "affected",
              "version": "3.14.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jakub Wilk"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Seth Larson"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Petr Viktorin"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Serhiy Storchaka"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Hugo van Kemenade"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "\u0141ukasz Langa"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Thomas Wouters"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows modifying some file metadata (e.g. last modified) with \u003c/span\u003e\u003ccode\u003efilter=\"data\"\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or file permissions (chmod) with \u003c/span\u003e\u003ccode\u003efilter=\"tar\"\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;of files outside the extraction directory.\u003cbr\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don\u0027t include the extraction filter feature.\u003c/p\u003e\u003cp\u003eNote that for Python 3.14 or later the default value of \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003c/p\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Allows modifying some file metadata (e.g. last modified) with filter=\"data\"\u00a0or file permissions (chmod) with filter=\"tar\"\u00a0of files outside the extraction directory.\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile  extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don\u0027t include the extraction filter feature.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-07T17:34:47.214Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/135034"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/135037"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/127987"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
        },
        {
          "tags": [
            "mitigation"
          ],
          "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Bypass extraction filter to modify file metadata outside extraction directory",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2024-12718",
    "datePublished": "2025-06-03T12:59:10.908Z",
    "dateReserved": "2024-12-17T17:04:51.209Z",
    "dateUpdated": "2025-07-07T17:34:47.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9287 (GCVE-0-2024-9287)

Vulnerability from cvelistv5

Published

2024-10-22 16:34

Modified

2025-04-25 23:02

Severity ?

5.3 (Medium) - CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green

CWE

CWE-428 - Unquoted Search Path or Element

Summary

A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.

References

►

URL

Tags

	https://github.com/python/cpython/issues/124651	issue-tracking
	https://github.com/python/cpython/pull/124712	patch
	https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/	vendor-advisory
	https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483	patch
	https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7	patch
	https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db	patch
	https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8	patch
	https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97	patch
	https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Version: 0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0 Version: 3.14.0a1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpython",
            "vendor": "python",
            "versions": [
              {
                "lessThanOrEqual": "3.13.0",
                "status": "affected",
                "version": "0",
                "versionType": "python"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9287",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T17:11:46.736068Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T17:13:32.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-25T23:02:57.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250425-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "venv"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.21",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.16",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.11",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.8",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.1",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.0a2",
              "status": "affected",
              "version": "3.14.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected.\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428 Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-31T19:55:27.648Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/124651"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/124712"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Virtual environment (venv) activation scripts don\u0027t quote paths",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2024-9287",
    "datePublished": "2024-10-22T16:34:39.210Z",
    "dateReserved": "2024-09-27T14:48:44.181Z",
    "dateUpdated": "2025-04-25T23:02:57.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4516 (GCVE-0-2025-4516)

Vulnerability from cvelistv5

Published

2025-05-15 13:29

Modified

2025-06-03 20:53

Severity ?

5.9 (Medium) - CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-416 - Use After Free

Summary

There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.

References

►

URL

Tags

	https://github.com/python/cpython/issues/133767	issue-tracking
	https://github.com/python/cpython/pull/129648	patch
	https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/	vendor-advisory
	https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142	patch
	https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e	patch
	https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292	patch
	https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d	patch
	https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f	patch
	https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77	patch
	https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Version: 0 Version: 3.10.0 Version: 3.11.0 Version: 3.12.0 Version: 3.13.0 Version: 3.14.0a1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4516",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T14:18:44.612125Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T14:18:50.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-19T10:03:31.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/05/16/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/05/19/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.23",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.18",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.13",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.11",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.4",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.0b2",
              "status": "affected",
              "version": "3.14.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError."
            }
          ],
          "value": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-03T20:53:33.583Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/133767"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/129648"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Use-after-free in \"unicode_escape\" decoder with error handler",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-4516",
    "datePublished": "2025-05-15T13:29:20.126Z",
    "dateReserved": "2025-05-09T14:59:53.878Z",
    "dateUpdated": "2025-06-03T20:53:33.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2025:02074-1

Vulnerability from csaf_suse

CVE-2024-12254 (GCVE-0-2024-12254)

Vulnerability from cvelistv5

CVE-2025-0938 (GCVE-0-2025-0938)

Vulnerability from cvelistv5

CVE-2025-1795 (GCVE-0-2025-1795)

Vulnerability from cvelistv5

CVE-2025-4138 (GCVE-0-2025-4138)

Vulnerability from cvelistv5

CVE-2025-4330 (GCVE-0-2025-4330)

Vulnerability from cvelistv5

CVE-2025-4517 (GCVE-0-2025-4517)

Vulnerability from cvelistv5

CVE-2024-12718 (GCVE-0-2024-12718)

Vulnerability from cvelistv5

CVE-2024-9287 (GCVE-0-2024-9287)

Vulnerability from cvelistv5

CVE-2025-4516 (GCVE-0-2025-4516)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature