Description
python-cryptography: Bleichenbacher timing oracle attack against RSA decryption.
python: Unsafe use of eval() on data retrieved via HTTP in the test suite.
python-lxml: mXSS due to the use of an improper parser.
python-jinja2: ReDoS vulnerability due to the sub-pattern.
python-cryptography: Large inputs for symmetric encryption can trigger integer overflow leading to buffer overflow.
python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c.
python: Information disclosure via pydoc.
python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code.
python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters.
python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS.
python-ipaddress: Improper input validation of octal strings.
python-urllib3: ReDoS in the parsing of authority part of URL.
python-pip: Incorrect handling of Unicode separators in git references.
Changes in the default separator for the Python urllib parsing functions.
The Python 'ipaddress' module no longer allows leading zeros in IPv4 addresses.