{ "document": { "aggregate_severity": { "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "tracking": { "current_release_date": "2025-11-27T18:42:08Z", "generator": { "date": "2025-11-27T18:42:08Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1754039969", "initial_release_date": "2025-08-01T09:20:37Z", "revision_history": [ { "date": "2025-08-01T09:20:37Z", "number": "1", "summary": "Initial version" }, { "date": "2025-11-27T18:42:08Z", "number": "2", "summary": "Update document" } ], "status": "final", "version": "2" }, "title": "alt-python27: Fix of 3 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8", "product": { "name": "Community Enterprise Operating System 8", "product_id": "CentOS-8", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Cloud Linux Software, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "alt-python27-tools-0:2.7.18-16.el8.x86_64", "product": { "name": "alt-python27-tools-0:2.7.18-16.el8.x86_64", "product_id": "alt-python27-tools-0:2.7.18-16.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-python27-tools@2.7.18-16.el8?arch=x86_64" } } }, { "category": "product_version", "name": "alt-python27-libs-0:2.7.18-16.el8.x86_64", "product": { "name": "alt-python27-libs-0:2.7.18-16.el8.x86_64", "product_id": "alt-python27-libs-0:2.7.18-16.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-python27-libs@2.7.18-16.el8?arch=x86_64" } } }, { "category": "product_version", "name": "alt-python27-devel-0:2.7.18-16.el8.x86_64", "product": { "name": "alt-python27-devel-0:2.7.18-16.el8.x86_64", "product_id": "alt-python27-devel-0:2.7.18-16.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-python27-devel@2.7.18-16.el8?arch=x86_64" } } }, { "category": "product_version", "name": "alt-python27-0:2.7.18-16.el8.x86_64", "product": { "name": "alt-python27-0:2.7.18-16.el8.x86_64", "product_id": "alt-python27-0:2.7.18-16.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-python27@2.7.18-16.el8?arch=x86_64" } } }, { "category": "product_version", "name": "alt-python27-test-0:2.7.18-16.el8.x86_64", "product": { "name": "alt-python27-test-0:2.7.18-16.el8.x86_64", "product_id": "alt-python27-test-0:2.7.18-16.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-python27-test@2.7.18-16.el8?arch=x86_64" } } }, { "category": "product_version", "name": "alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "product": { "name": "alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "product_id": "alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-python27-tkinter@2.7.18-16.el8?arch=x86_64" } } }, { "category": "product_version", "name": "alt-python27-debug-0:2.7.18-16.el8.x86_64", "product": { "name": "alt-python27-debug-0:2.7.18-16.el8.x86_64", "product_id": "alt-python27-debug-0:2.7.18-16.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-python27-debug@2.7.18-16.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "alt-python27-tools-0:2.7.18-16.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" }, "product_reference": "alt-python27-tools-0:2.7.18-16.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-libs-0:2.7.18-16.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64" }, "product_reference": "alt-python27-libs-0:2.7.18-16.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-devel-0:2.7.18-16.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64" }, "product_reference": "alt-python27-devel-0:2.7.18-16.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-0:2.7.18-16.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64" }, "product_reference": "alt-python27-0:2.7.18-16.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-test-0:2.7.18-16.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64" }, "product_reference": "alt-python27-test-0:2.7.18-16.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-tkinter-0:2.7.18-16.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64" }, "product_reference": "alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python27-debug-0:2.7.18-16.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64" }, "product_reference": "alt-python27-debug-0:2.7.18-16.el8.x86_64", "relates_to_product_reference": "CentOS-8" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-8492", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2020-8492" }, { "category": "external", "summary": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html" }, { "category": "external", "summary": "https://bugs.python.org/issue39503", "url": "https://bugs.python.org/issue39503" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/18284", "url": "https://github.com/python/cpython/pull/18284" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E", "url": "https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E", "url": "https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/" }, { "category": "external", "summary": "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html", "url": "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202005-09", "url": "https://security.gentoo.org/glsa/202005-09" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20200221-0001/", "url": "https://security.netapp.com/advisory/ntap-20200221-0001/" }, { "category": "external", "summary": "https://usn.ubuntu.com/4333-1/", "url": "https://usn.ubuntu.com/4333-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/4333-2/", "url": "https://usn.ubuntu.com/4333-2/" } ], "release_date": "2020-01-30T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-08-01T09:19:31.463820Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1754039969", "product_ids": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1754039969" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2021-3733", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2021-3733" }, { "category": "external", "summary": "https://bugs.python.org/issue43075", "url": "https://bugs.python.org/issue43075" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb", "url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/24391", "url": "https://github.com/python/cpython/pull/24391" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20220407-0001/", "url": "https://security.netapp.com/advisory/ntap-20220407-0001/" }, { "category": "external", "summary": "https://ubuntu.com/security/CVE-2021-3733", "url": "https://ubuntu.com/security/CVE-2021-3733" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" } ], "release_date": "2022-03-10T17:42:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-08-01T09:19:31.463820Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1754039969", "product_ids": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1754039969" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2022-48566", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2022-48566" }, { "category": "external", "summary": "https://bugs.python.org/issue40791", "url": "https://bugs.python.org/issue40791" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20231006-0013/", "url": "https://security.netapp.com/advisory/ntap-20231006-0013/" } ], "release_date": "2023-08-22T19:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-08-01T09:19:31.463820Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1754039969", "product_ids": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1754039969" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-40217", "notes": [ { "category": "description", "text": "An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2023-40217" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/", "url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20231006-0014/", "url": "https://security.netapp.com/advisory/ntap-20231006-0014/" }, { "category": "external", "summary": "https://www.python.org/dev/security/", "url": "https://www.python.org/dev/security/" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" } ], "release_date": "2023-08-25T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-08-01T09:19:31.463820Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1754039969", "product_ids": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1754039969" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-27043", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2023-27043" }, { "category": "external", "summary": "http://python.org", "url": "http://python.org/" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/102988", "url": "https://github.com/python/cpython/issues/102988" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/" }, { "category": "external", "summary": "https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html", "url": "https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230601-0003/", "url": "https://security.netapp.com/advisory/ntap-20230601-0003/" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2025/Apr/8", "url": "http://seclists.org/fulldisclosure/2025/Apr/8" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/" } ], "release_date": "2023-04-19T00:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-08-01T09:19:31.463820Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1754039969", "product_ids": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1754039969" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CentOS-8:alt-python27-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-debug-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-devel-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-libs-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-test-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tkinter-0:2.7.18-16.el8.x86_64", "CentOS-8:alt-python27-tools-0:2.7.18-16.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }