{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"python3 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for python3 is now available for openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces.\n\nSecurity Fix(es):\n\nWhen passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues.\n\n\n\n\nThis behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet.\n\n\n\n\nThe attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 \nalphabet they are expecting or verify that their application would not be \naffected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.(CVE-2025-12781)\n\nThe poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.(CVE-2025-15367)\n\nWhen using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.(CVE-2026-0672)\n\nThe wsgiref.headers.Headers module has an HTTP header injection vulnerability where user-controlled header names and values containing newlines can allow injecting malicious HTTP headers.(CVE-2026-0865)\n\nThe \nemail module, specifically the \"BytesGenerator\" class, didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized. This is only applicable if using \"LiteralHeader\" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\".(CVE-2026-1299)", "category":"general", "title":"Description" }, { "text":"An update for python3 is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3/openEuler-20.03-LTS-SP1/openEuler-22.03-LTS/openEuler-22.03-LTS-Next/openEuler-22.03-LTS-SP1/openEuler-22.03-LTS-SP2/openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"python3", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1357", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1357" }, { "summary":"CVE-2025-12781", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-12781&packageName=python3" }, { "summary":"CVE-2025-15367", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-15367&packageName=python3" }, { "summary":"CVE-2026-0672", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0672&packageName=python3" }, { "summary":"CVE-2026-0865", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0865&packageName=python3" }, { "summary":"CVE-2026-1299", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-1299&packageName=python3" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12781" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15367" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0672" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0865" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1299" }, { "summary":"openEuler-SA-2026-1357 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1357.json" } ], "title":"An update for python3 is now available for openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2026-02-14T15:28:33+08:00", "revision_history":[ { "date":"2026-02-14T15:28:33+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-02-14T15:28:33+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-02-14T15:28:33+08:00", "id":"openEuler-SA-2026-1357", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-3.11.6-23.oe2403sp1.aarch64.rpm", "name":"python3-3.11.6-23.oe2403sp1.aarch64.rpm" }, "name":"python3-3.11.6-23.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-debug-3.11.6-23.oe2403sp1.aarch64.rpm", "name":"python3-debug-3.11.6-23.oe2403sp1.aarch64.rpm" }, "name":"python3-debug-3.11.6-23.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-debuginfo-3.11.6-23.oe2403sp1.aarch64.rpm", "name":"python3-debuginfo-3.11.6-23.oe2403sp1.aarch64.rpm" }, "name":"python3-debuginfo-3.11.6-23.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-debugsource-3.11.6-23.oe2403sp1.aarch64.rpm", "name":"python3-debugsource-3.11.6-23.oe2403sp1.aarch64.rpm" }, "name":"python3-debugsource-3.11.6-23.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-devel-3.11.6-23.oe2403sp1.aarch64.rpm", "name":"python3-devel-3.11.6-23.oe2403sp1.aarch64.rpm" }, "name":"python3-devel-3.11.6-23.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-tkinter-3.11.6-23.oe2403sp1.aarch64.rpm", "name":"python3-tkinter-3.11.6-23.oe2403sp1.aarch64.rpm" }, "name":"python3-tkinter-3.11.6-23.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64.rpm", "name":"python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64.rpm" }, "name":"python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-3.11.6-23.oe2403sp1.src.rpm", "name":"python3-3.11.6-23.oe2403sp1.src.rpm" }, "name":"python3-3.11.6-23.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-3.11.6-23.oe2403sp1.x86_64.rpm", "name":"python3-3.11.6-23.oe2403sp1.x86_64.rpm" }, "name":"python3-3.11.6-23.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-debug-3.11.6-23.oe2403sp1.x86_64.rpm", "name":"python3-debug-3.11.6-23.oe2403sp1.x86_64.rpm" }, "name":"python3-debug-3.11.6-23.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-debuginfo-3.11.6-23.oe2403sp1.x86_64.rpm", "name":"python3-debuginfo-3.11.6-23.oe2403sp1.x86_64.rpm" }, "name":"python3-debuginfo-3.11.6-23.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-debugsource-3.11.6-23.oe2403sp1.x86_64.rpm", "name":"python3-debugsource-3.11.6-23.oe2403sp1.x86_64.rpm" }, "name":"python3-debugsource-3.11.6-23.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-devel-3.11.6-23.oe2403sp1.x86_64.rpm", "name":"python3-devel-3.11.6-23.oe2403sp1.x86_64.rpm" }, "name":"python3-devel-3.11.6-23.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-tkinter-3.11.6-23.oe2403sp1.x86_64.rpm", "name":"python3-tkinter-3.11.6-23.oe2403sp1.x86_64.rpm" }, "name":"python3-tkinter-3.11.6-23.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64.rpm", "name":"python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64.rpm" }, "name":"python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-help-3.11.6-23.oe2403sp1.noarch.rpm", "name":"python3-help-3.11.6-23.oe2403sp1.noarch.rpm" }, "name":"python3-help-3.11.6-23.oe2403sp1.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-3.11.6-23.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "name":"python3-3.11.6-23.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-debug-3.11.6-23.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "name":"python3-debug-3.11.6-23.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-debuginfo-3.11.6-23.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "name":"python3-debuginfo-3.11.6-23.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-debugsource-3.11.6-23.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "name":"python3-debugsource-3.11.6-23.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-devel-3.11.6-23.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "name":"python3-devel-3.11.6-23.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-tkinter-3.11.6-23.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "name":"python3-tkinter-3.11.6-23.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "name":"python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-3.11.6-23.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "name":"python3-3.11.6-23.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-3.11.6-23.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "name":"python3-3.11.6-23.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-debug-3.11.6-23.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "name":"python3-debug-3.11.6-23.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-debuginfo-3.11.6-23.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "name":"python3-debuginfo-3.11.6-23.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-debugsource-3.11.6-23.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "name":"python3-debugsource-3.11.6-23.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-devel-3.11.6-23.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "name":"python3-devel-3.11.6-23.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-tkinter-3.11.6-23.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "name":"python3-tkinter-3.11.6-23.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "name":"python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-help-3.11.6-23.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch", "name":"python3-help-3.11.6-23.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-12781", "notes":[ { "text":"When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues.\n\n\n\n\nThis behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet.\n\n\n\n\nThe attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 \nalphabet they are expecting or verify that their application would not be \naffected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ], "details":"python3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1357" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-12781" }, { "cve":"CVE-2025-15367", "notes":[ { "text":"The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ], "details":"python3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1357" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.9, "vectorString":"CVSS:3.1/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-15367" }, { "cve":"CVE-2026-0672", "notes":[ { "text":"When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ], "details":"python3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1357" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.0, "vectorString":"CVSS:3.1/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-0672" }, { "cve":"CVE-2026-0865", "notes":[ { "text":"The wsgiref.headers.Headers module has an HTTP header injection vulnerability where user-controlled header names and values containing newlines can allow injecting malicious HTTP headers.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ], "details":"python3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1357" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.9, "vectorString":"CVSS:3.1/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-0865" }, { "cve":"CVE-2026-1299", "notes":[ { "text":"The \nemail module, specifically the \"BytesGenerator\" class, didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized. This is only applicable if using \"LiteralHeader\" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\".", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ], "details":"python3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1357" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.0, "vectorString":"CVSS:3.1/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.src", "openEuler-24.03-LTS-SP1:python3-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debug-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debuginfo-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-debugsource-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-devel-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-tkinter-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-unversioned-command-3.11.6-23.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-help-3.11.6-23.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-1299" } ] }