Package Release Info

python-base-2.7.18-150000.102.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-590
Available in Package Hub : 15 SP7 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

libpython2_7-1_0

python-base

python-xml

Change Logs

* Fri Feb 13 2026 mcepl@suse.com

- CVE-2026-0672: rejects control characters in http cookies.
  (bsc#1257031, gh#python/cpython#143919)
  CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
  wsgiref.headers.Headers, which could be abused for injecting
  false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
  CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
  IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
  CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
  poplib library. (bsc#1257041, gh#python/cpython#143923)
  CVE-2025-15367-poplib-ctrl-chars.patch

* Fri Feb 13 2026 nico.krapp@suse.com

- Add add-zlib-eof-attribute.patch, needed for python-urllib3
  CVE fix (bsc#1254867)