{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"python3 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for python3 is now available for openEuler-22.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces.\n\nSecurity Fix(es):\n\nWhen using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.(CVE-2026-0672)\n\nThe wsgiref.headers.Headers module has an HTTP header injection vulnerability where user-controlled header names and values containing newlines can allow injecting malicious HTTP headers.(CVE-2026-0865)\n\nThe \nemail module, specifically the \"BytesGenerator\" class, didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized. This is only applicable if using \"LiteralHeader\" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\".(CVE-2026-1299)", "category":"general", "title":"Description" }, { "text":"An update for python3 is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3/openEuler-20.03-LTS-SP1/openEuler-22.03-LTS/openEuler-22.03-LTS-Next/openEuler-22.03-LTS-SP1/openEuler-22.03-LTS-SP2/openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"python3", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1463", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1463" }, { "summary":"CVE-2026-0672", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0672&packageName=python3" }, { "summary":"CVE-2026-0865", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0865&packageName=python3" }, { "summary":"CVE-2026-1299", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-1299&packageName=python3" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0672" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0865" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1299" }, { "summary":"openEuler-SA-2026-1463 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1463.json" } ], "title":"An update for python3 is now available for openEuler-22.03-LTS-SP4", "tracking":{ "initial_release_date":"2026-03-02T14:19:30+08:00", "revision_history":[ { "date":"2026-03-02T14:19:30+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-03-02T14:19:30+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-03-02T14:19:30+08:00", "id":"openEuler-SA-2026-1463", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-help-3.9.9-52.oe2203sp4.noarch.rpm", "name":"python3-help-3.9.9-52.oe2203sp4.noarch.rpm" }, "name":"python3-help-3.9.9-52.oe2203sp4.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-3.9.9-52.oe2203sp4.aarch64.rpm", "name":"python3-3.9.9-52.oe2203sp4.aarch64.rpm" }, "name":"python3-3.9.9-52.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-debug-3.9.9-52.oe2203sp4.aarch64.rpm", "name":"python3-debug-3.9.9-52.oe2203sp4.aarch64.rpm" }, "name":"python3-debug-3.9.9-52.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-debuginfo-3.9.9-52.oe2203sp4.aarch64.rpm", "name":"python3-debuginfo-3.9.9-52.oe2203sp4.aarch64.rpm" }, "name":"python3-debuginfo-3.9.9-52.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-debugsource-3.9.9-52.oe2203sp4.aarch64.rpm", "name":"python3-debugsource-3.9.9-52.oe2203sp4.aarch64.rpm" }, "name":"python3-debugsource-3.9.9-52.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-devel-3.9.9-52.oe2203sp4.aarch64.rpm", "name":"python3-devel-3.9.9-52.oe2203sp4.aarch64.rpm" }, "name":"python3-devel-3.9.9-52.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64.rpm", "name":"python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64.rpm" }, "name":"python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-3.9.9-52.oe2203sp4.src.rpm", "name":"python3-3.9.9-52.oe2203sp4.src.rpm" }, "name":"python3-3.9.9-52.oe2203sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-3.9.9-52.oe2203sp4.x86_64.rpm", "name":"python3-3.9.9-52.oe2203sp4.x86_64.rpm" }, "name":"python3-3.9.9-52.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-debug-3.9.9-52.oe2203sp4.x86_64.rpm", "name":"python3-debug-3.9.9-52.oe2203sp4.x86_64.rpm" }, "name":"python3-debug-3.9.9-52.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-debuginfo-3.9.9-52.oe2203sp4.x86_64.rpm", "name":"python3-debuginfo-3.9.9-52.oe2203sp4.x86_64.rpm" }, "name":"python3-debuginfo-3.9.9-52.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-debugsource-3.9.9-52.oe2203sp4.x86_64.rpm", "name":"python3-debugsource-3.9.9-52.oe2203sp4.x86_64.rpm" }, "name":"python3-debugsource-3.9.9-52.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-devel-3.9.9-52.oe2203sp4.x86_64.rpm", "name":"python3-devel-3.9.9-52.oe2203sp4.x86_64.rpm" }, "name":"python3-devel-3.9.9-52.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64.rpm", "name":"python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64.rpm" }, "name":"python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-help-3.9.9-52.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-help-3.9.9-52.oe2203sp4.noarch", "name":"python3-help-3.9.9-52.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-3.9.9-52.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.aarch64", "name":"python3-3.9.9-52.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-debug-3.9.9-52.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.aarch64", "name":"python3-debug-3.9.9-52.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-debuginfo-3.9.9-52.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.aarch64", "name":"python3-debuginfo-3.9.9-52.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-debugsource-3.9.9-52.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.aarch64", "name":"python3-debugsource-3.9.9-52.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-devel-3.9.9-52.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.aarch64", "name":"python3-devel-3.9.9-52.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64", "name":"python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-3.9.9-52.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.src", "name":"python3-3.9.9-52.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-3.9.9-52.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.x86_64", "name":"python3-3.9.9-52.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-debug-3.9.9-52.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.x86_64", "name":"python3-debug-3.9.9-52.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-debuginfo-3.9.9-52.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.x86_64", "name":"python3-debuginfo-3.9.9-52.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-debugsource-3.9.9-52.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.x86_64", "name":"python3-debugsource-3.9.9-52.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-devel-3.9.9-52.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.x86_64", "name":"python3-devel-3.9.9-52.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64", "name":"python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-0672", "notes":[ { "text":"When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:python3-help-3.9.9-52.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.src", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:python3-help-3.9.9-52.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.src", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64" ], "details":"python3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1463" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.0, "vectorString":"CVSS:3.1/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:python3-help-3.9.9-52.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.src", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-0672" }, { "cve":"CVE-2026-0865", "notes":[ { "text":"The wsgiref.headers.Headers module has an HTTP header injection vulnerability where user-controlled header names and values containing newlines can allow injecting malicious HTTP headers.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:python3-help-3.9.9-52.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.src", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:python3-help-3.9.9-52.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.src", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64" ], "details":"python3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1463" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.9, "vectorString":"CVSS:3.1/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:python3-help-3.9.9-52.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.src", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-0865" }, { "cve":"CVE-2026-1299", "notes":[ { "text":"The \nemail module, specifically the \"BytesGenerator\" class, didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized. This is only applicable if using \"LiteralHeader\" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\".", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:python3-help-3.9.9-52.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.src", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:python3-help-3.9.9-52.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.src", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64" ], "details":"python3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1463" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.0, "vectorString":"CVSS:3.1/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:python3-help-3.9.9-52.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.src", "openEuler-22.03-LTS-SP4:python3-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debug-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debuginfo-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-debugsource-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-devel-3.9.9-52.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-unversioned-command-3.9.9-52.oe2203sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-1299" } ] }