Описание
Security update for python-SQLAlchemy
This update for python-SQLAlchemy fixes the following issues:
Security issues fixed:
- CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593).
- CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
python-SQLAlchemy-doc-1.2.7-lp150.2.3.1
python2-SQLAlchemy-1.2.7-lp150.2.3.1
python3-SQLAlchemy-1.2.7-lp150.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2039-1
- SUSE Security Ratings
- SUSE Bug 1124593
- SUSE CVE CVE-2019-7164 page
- SUSE CVE CVE-2019-7548 page
Описание
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
Затронутые продукты
openSUSE Leap 15.0:python-SQLAlchemy-doc-1.2.7-lp150.2.3.1
openSUSE Leap 15.0:python2-SQLAlchemy-1.2.7-lp150.2.3.1
openSUSE Leap 15.0:python3-SQLAlchemy-1.2.7-lp150.2.3.1
Ссылки
- CVE-2019-7164
- SUSE Bug 1124593
Описание
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
Затронутые продукты
openSUSE Leap 15.0:python-SQLAlchemy-doc-1.2.7-lp150.2.3.1
openSUSE Leap 15.0:python2-SQLAlchemy-1.2.7-lp150.2.3.1
openSUSE Leap 15.0:python3-SQLAlchemy-1.2.7-lp150.2.3.1
Ссылки
- CVE-2019-7548
- SUSE Bug 1124593