Name "UpdateInfoReader::patchinqa" used only once: possible typo at bin/generate-cvrf.pl line 93.
Name "UpdateInfoReader::patchseverity" used only once: possible typo at bin/generate-cvrf.pl line 457.
Name "UpdateInfoReader::patchdescription" used only once: possible typo at bin/generate-cvrf.pl line 264.
Update is not defined in translation list.
Use of uninitialized value within %name2product in concatenation (.) or string at /home/securitybot/prod/cve-database/bin/UpdateInfoReader.pm line 1598.
SUSE:Channels/SUSE-ALP-Source-Standard_1.0 skipped
no pkglist for SUSE Liberty Linux 8, ESEA-2020:0159
no pkglist for SUSE Liberty Linux 8, ESBA-2020:0166
no pkglist for SUSE Liberty Linux 9, RHBA-2024:3832
no pkglist for SUSE Liberty Linux 9, RHSA-2024:3837
no pkglist for SUSE Liberty Linux 8, ESEA-2020:0158
no pkglist for SUSE Liberty Linux 8, ESEA-2021:0189
no pkglist for SUSE Liberty Linux 8, ESEA-2021:0190
no pkglist for SUSE Liberty Linux 8, ESSA-2020:0164
no pkglist for SUSE Liberty Linux 8, RHBA-2022:5328
SUSE:SLE-15:Update:PubClouds:Released SLES15-SAP-Azure-LI-BYOS images x86_64 has empty xml
SUSE:SLE-15:Update:PubClouds:Released SLES15-SAP-Azure-VLI-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP1:Update:PubClouds:Released SLES15-SP1-CAP-Deployment-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP1:Update:PubClouds:Released SLES15-SP1-CAP-Deployment-BYOS:Azure images x86_64 has empty xml
SUSE:SLE-15-SP1:Update:PubClouds:Released SLES15-SP1-CHOST-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP1:Update:PubClouds:Released SLES15-SP1-Manager-4-0-Azure-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP1:Update:PubClouds:Released SLES15-SP1-Manager-4-0-EC2-HVM-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP1:Update:PubClouds:Released SLES15-SP1-Manager-4-0-GCE-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP1:Update:PubClouds:Released SLES15-SP1-SAP-Azure-LI-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP1:Update:PubClouds:Released SLES15-SP1-SAP-Azure-VLI-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP1:Update:PubClouds:Released SLES15-SP1-SAPCAL images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2 images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-CAP-Deployment-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-CAP-Deployment-BYOS:EC2-HVM images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-CAP-Deployment-BYOS:GCE images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-CHOST-BYOS images x86_64 has empty xml
no files in SLES15-SP2-HPC
no files in SLES15-SP2-HPC-BYOS
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-HPC:EC2-HVM images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-Manager-4-1-Proxy-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-Manager-4-1-Server-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-SAP images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-SAP-Azure-LI-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-SAP-Azure-VLI-BYOS images x86_64 has empty xml
SUSE:SLE-15-SP2:Update:PubClouds:Released SLES15-SP2-SAP-BYOS images x86_64 has empty xml
no files in SLES15-SP3
no files in SLES15-SP3-BYOS
no files in SLES15-SP3-CHOST-BYOS
no files in SLES15-SP3-HPC
no files in SLES15-SP3-HPC-BYOS
no files in SLES15-SP3-HPC:EC2-HVM
no files in SLES15-SP3-Manager-4-2-Proxy-BYOS
no files in SLES15-SP3-Manager-4-2-Server-BYOS
no files in SLES15-SP3-Micro-5-1-BYOS
no files in SLES15-SP3-Micro-5-2-BYOS
no files in SLES15-SP3-Micro-BYOS
no files in SLES15-SP3-Micro-BYOS:Azure
no files in SLES15-SP3-Micro-BYOS:EC2-HVM
no files in SLES15-SP3-SAP
no files in SLES15-SP3-SAP-Azure-LI-BYOS
no files in SLES15-SP3-SAP-Azure-VLI-BYOS
no files in SLES15-SP3-SAP-BYOS
no files in SLES15-SP3-SAPCAL
no files in SLES15-SP5
no files in SLES15-SP5-BYOS
no files in SLES15-SP5-CHOST-BYOS
no files in SLES15-SP5-HPC
no files in SLES15-SP5-HPC-BYOS
no files in SLES15-SP5-Hardened-BYOS
no files in SLES15-SP5-SAP
no files in SLES15-SP5-SAP-BYOS
no files in SLES15-SP5-SAP-Hardened
no files in SLES15-SP5-SAP-Hardened-BYOS
no files in SLES15-SP5-SAPCAL
no files in SLES12-SP4-SAP-Azure-LI-BYOS
no files in SLES12-SP4-SAP-Azure-VLI-BYOS
no files in SLES12-SP5-Azure
no files in SLES12-SP5-EC2
no files in SLES12-SP5-GCE
SUSE:SLE-12-SP5:Update:PubClouds:Released SLES12-SP5-OCI-BYOS images x86_64 has empty xml
SUSE:SLE-12-SP5:Update:PubClouds:Released SLES12-SP5-SAP-Azure-LI-BYOS images x86_64 has empty xml
SUSE:SLE-12-SP5:Update:PubClouds:Released SLES12-SP5-SAP-Azure-VLI-BYOS images x86_64 has empty xml
ERROR: notice SUSE-SU-202404:15254-1 has no valid patches out of: suse-ubu204ct-client-tools-202404-15254
ERROR: notice SUSE-SU-202404:15257-1 has no valid patches out of: suse-ubu204ct-client-tools-202404-15257
ERROR: notice SUSE-SU-202404:15258-1 has no valid patches out of: suse-ubu224ct-client-tools-202404-15258
ERROR: notice SUSE-SU-2024:1322-1 has no valid patches out of: SUSE-2024-1322,SUSE-SLE-Micro-5.5-2024-1322,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1322,SUSE-SLE-Module-RT-15-SP5-2024-1322,openSUSE-SLE-15.5-2024-1322
ERROR: notice SUSE-SU-2024:1322-2 has no valid patches out of: SUSE-2024-1322,SUSE-SLE-Micro-5.5-2024-1322,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1322,SUSE-SLE-Module-RT-15-SP5-2024-1322,openSUSE-SLE-15.5-2024-1322
ERROR: notice SUSE-SU-2024:1332-1 has no valid patches out of: SUSE-2024-1332,SUSE-SLE-Module-Public-Cloud-15-SP5-2024-1332,openSUSE-SLE-15.5-2024-1332
ERROR: notice SUSE-SU-2024:1332-2 has no valid patches out of: SUSE-2024-1332,SUSE-SLE-Module-Public-Cloud-15-SP5-2024-1332,openSUSE-SLE-15.5-2024-1332
ERROR: notice SUSE-SU-2024:1521-1 has no valid patches out of: SUSE-2024-1521,SUSE-Debian-11-CLIENT-TOOLS-x86_64-2024-1521
ERROR: notice SUSE-SU-2024:1522-1 has no valid patches out of: SUSE-2024-1522,SUSE-Debian-12-CLIENT-TOOLS-x86_64-2024-1522
ERROR: notice SUSE-SU-2024:1648-1 has no valid patches out of: SUSE-2024-1648,SUSE-SLE-HA-12-SP5-2024-1648,SUSE-SLE-Live-Patching-12-SP5-2024-1648,SUSE-SLE-SDK-12-SP5-2024-1648,SUSE-SLE-SERVER-12-SP5-2024-1648,SUSE-SLE-WE-12-SP5-2024-1648
ERROR: notice SUSE-SU-2024:1648-2 has no valid patches out of: SUSE-2024-1648,SUSE-SLE-HA-12-SP5-2024-1648,SUSE-SLE-Live-Patching-12-SP5-2024-1648,SUSE-SLE-SDK-12-SP5-2024-1648,SUSE-SLE-SERVER-12-SP5-2024-1648,SUSE-SLE-WE-12-SP5-2024-1648
ERROR: notice SUSE-SU-2024:2801-1 has no valid patches out of: SUSE-2024-2801,SUSE-SLE-Micro-5.3-2024-2801,SUSE-SLE-Micro-5.4-2024-2801,SUSE-SLE-Micro-5.5-2024-2801,SUSE-SLE-Module-Containers-15-SP5-2024-2801,SUSE-SLE-Module-Containers-15-SP6-2024-2801,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2801,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2801,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2801,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2801,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2801,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2801,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2801,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2801,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2801,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2801,SUSE-SUSE-MicroOS-5.1-2024-2801,SUSE-SUSE-MicroOS-5.2-2024-2801,SUSE-Storage-7.1-2024-2801,openSUSE-Leap-Micro-5.5-2024-2801,openSUSE-SLE-15.5-2024-2801,openSUSE-SLE-15.6-2024-2801
ERROR: notice SUSE-SU-2024:2801-2 has no valid patches out of: SUSE-2024-2801,SUSE-SLE-Micro-5.3-2024-2801,SUSE-SLE-Micro-5.4-2024-2801,SUSE-SLE-Micro-5.5-2024-2801,SUSE-SLE-Module-Containers-15-SP5-2024-2801,SUSE-SLE-Module-Containers-15-SP6-2024-2801,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2801,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2801,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2801,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2801,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2801,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2801,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2801,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2801,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2801,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2801,SUSE-SUSE-MicroOS-5.1-2024-2801,SUSE-SUSE-MicroOS-5.2-2024-2801,SUSE-Storage-7.1-2024-2801,openSUSE-Leap-Micro-5.5-2024-2801,openSUSE-SLE-15.5-2024-2801,openSUSE-SLE-15.6-2024-2801
--- cvrf-suse-su-2024:3760-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-suse-su-2024:3760-1.xml.new.formatted	2024-10-29 08:22:46.966490000 +0100
@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
+  <DocumentTitle xml:lang="en">Security update for python3</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>SUSE-SU-2024:3760-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T03:33:33Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T03:33:33Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T03:33:33Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for python3</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This update for python3 fixes the following issues:
+
+Security fixes:
+
+- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
+
+Other fixes:
+
+- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
+</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">SUSE-2024-3760,SUSE-SUSE-MicroOS-5.1-2024-3760</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243760-1/</URL>
+      <Description>Link for SUSE-SU-2024:3760-1</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://lists.suse.com/pipermail/sle-security-updates/2024-October/019680.html</URL>
+      <Description>E-Mail link for SUSE-SU-2024:3760-1</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://bugzilla.suse.com/1230906</URL>
+      <Description>SUSE Bug 1230906</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://bugzilla.suse.com/1232241</URL>
+      <Description>SUSE Bug 1232241</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-9287/</URL>
+      <Description>SUSE CVE CVE-2024-9287 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
+    <Branch Type="Product Family" Name="SUSE Linux Enterprise Micro 5.1">
+      <Branch Type="Product Name" Name="SUSE Linux Enterprise Micro 5.1">
+        <FullProductName ProductID="SUSE Linux Enterprise Micro 5.1" CPE="cpe:/o:suse:suse-microos:5.1">SUSE Linux Enterprise Micro 5.1</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="libpython3_6m1_0-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="libpython3_6m1_0-3.6.15-150000.3.164.1">libpython3_6m1_0-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="libpython3_6m1_0-32bit-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="libpython3_6m1_0-32bit-3.6.15-150000.3.164.1">libpython3_6m1_0-32bit-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="libpython3_6m1_0-64bit-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="libpython3_6m1_0-64bit-3.6.15-150000.3.164.1">libpython3_6m1_0-64bit-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-3.6.15-150000.3.164.1">python3-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-base-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-base-3.6.15-150000.3.164.1">python3-base-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-curses-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-curses-3.6.15-150000.3.164.1">python3-curses-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-dbm-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-dbm-3.6.15-150000.3.164.1">python3-dbm-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-devel-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-devel-3.6.15-150000.3.164.1">python3-devel-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-doc-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-doc-3.6.15-150000.3.164.1">python3-doc-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-doc-devhelp-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-doc-devhelp-3.6.15-150000.3.164.1">python3-doc-devhelp-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-idle-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-idle-3.6.15-150000.3.164.1">python3-idle-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-testsuite-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-testsuite-3.6.15-150000.3.164.1">python3-testsuite-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-tk-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-tk-3.6.15-150000.3.164.1">python3-tk-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-tools-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-tools-3.6.15-150000.3.164.1">python3-tools-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="libpython3_6m1_0-3.6.15-150000.3.164.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Micro 5.1">
+      <FullProductName ProductID="SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.164.1">libpython3_6m1_0-3.6.15-150000.3.164.1 as a component of SUSE Linux Enterprise Micro 5.1</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python3-3.6.15-150000.3.164.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Micro 5.1">
+      <FullProductName ProductID="SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.164.1">python3-3.6.15-150000.3.164.1 as a component of SUSE Linux Enterprise Micro 5.1</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python3-base-3.6.15-150000.3.164.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Micro 5.1">
+      <FullProductName ProductID="SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.164.1">python3-base-3.6.15-150000.3.164.1 as a component of SUSE Linux Enterprise Micro 5.1</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.</Note>
+    </Notes>
+    <CVE>CVE-2024-9287</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.164.1</ProductID>
+        <ProductID>SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.164.1</ProductID>
+        <ProductID>SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.164.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243760-1/</URL>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-9287.html</URL>
+        <Description>CVE-2024-9287</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1232241</URL>
+        <Description>SUSE Bug 1232241</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+</cvrfdoc>
--- cvrf-suse-su-2024:3760-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-suse-su-2024:3760-1.xml.new.formatted	2024-10-29 08:22:47.529432000 +0100
@@ -0,0 +1,170 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:cvrf="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf" xmlns:cvrf-common="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common" xmlns:cvssv2="http://scap.nist.gov/schema/cvss-v2/1.0" xmlns:cvssv3="https://www.first.org/cvss/cvss-v3.0.xsd" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ns0="http://purl.org/dc/elements/1.1/" xmlns:prod="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/1.0" xmlns:sch="http://purl.oclc.org/dsdl/schematron" xmlns:vuln="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf">
+  <DocumentTitle xml:lang="en">Security update for python3</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>SUSE-SU-2024:3760-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T03:33:33Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T03:33:33Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T03:33:33Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for python3</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This update for python3 fixes the following issues:
+
+Security fixes:
+
+- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
+
+Other fixes:
+
+- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
+</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">SUSE-2024-3760,SUSE-SUSE-MicroOS-5.1-2024-3760</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243760-1/</URL>
+      <Description>Link for SUSE-SU-2024:3760-1</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://lists.suse.com/pipermail/sle-security-updates/2024-October/019680.html</URL>
+      <Description>E-Mail link for SUSE-SU-2024:3760-1</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://bugzilla.suse.com/1230906</URL>
+      <Description>SUSE Bug 1230906</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://bugzilla.suse.com/1232241</URL>
+      <Description>SUSE Bug 1232241</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-9287/</URL>
+      <Description>SUSE CVE CVE-2024-9287 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
+    <Branch Type="Product Family" Name="SUSE Linux Enterprise Micro 5.1">
+      <Branch Type="Product Name" Name="SUSE Linux Enterprise Micro 5.1">
+        <FullProductName ProductID="SUSE Linux Enterprise Micro 5.1" CPE="cpe:/o:suse:suse-microos:5.1">SUSE Linux Enterprise Micro 5.1</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="libpython3_6m1_0-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="libpython3_6m1_0-3.6.15-150000.3.164.1">libpython3_6m1_0-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="libpython3_6m1_0-32bit-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="libpython3_6m1_0-32bit-3.6.15-150000.3.164.1">libpython3_6m1_0-32bit-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="libpython3_6m1_0-64bit-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="libpython3_6m1_0-64bit-3.6.15-150000.3.164.1">libpython3_6m1_0-64bit-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-3.6.15-150000.3.164.1">python3-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-base-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-base-3.6.15-150000.3.164.1">python3-base-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-curses-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-curses-3.6.15-150000.3.164.1">python3-curses-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-dbm-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-dbm-3.6.15-150000.3.164.1">python3-dbm-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-devel-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-devel-3.6.15-150000.3.164.1">python3-devel-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-doc-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-doc-3.6.15-150000.3.164.1">python3-doc-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-doc-devhelp-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-doc-devhelp-3.6.15-150000.3.164.1">python3-doc-devhelp-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-idle-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-idle-3.6.15-150000.3.164.1">python3-idle-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-testsuite-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-testsuite-3.6.15-150000.3.164.1">python3-testsuite-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-tk-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-tk-3.6.15-150000.3.164.1">python3-tk-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python3-tools-3.6.15-150000.3.164.1">
+      <FullProductName ProductID="python3-tools-3.6.15-150000.3.164.1">python3-tools-3.6.15-150000.3.164.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="libpython3_6m1_0-3.6.15-150000.3.164.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Micro 5.1">
+      <FullProductName ProductID="SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.164.1">libpython3_6m1_0-3.6.15-150000.3.164.1 as a component of SUSE Linux Enterprise Micro 5.1</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python3-3.6.15-150000.3.164.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Micro 5.1">
+      <FullProductName ProductID="SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.164.1">python3-3.6.15-150000.3.164.1 as a component of SUSE Linux Enterprise Micro 5.1</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python3-base-3.6.15-150000.3.164.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Linux Enterprise Micro 5.1">
+      <FullProductName ProductID="SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.164.1">python3-base-3.6.15-150000.3.164.1 as a component of SUSE Linux Enterprise Micro 5.1</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.</Note>
+    </Notes>
+    <CVE>CVE-2024-9287</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.164.1</ProductID>
+        <ProductID>SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.164.1</ProductID>
+        <ProductID>SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.164.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>6.5</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL>https://www.suse.com/support/update/announcement/2024/suse-su-20243760-1/</URL>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-9287.html</URL>
+        <Description>CVE-2024-9287</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1232241</URL>
+        <Description>SUSE Bug 1232241</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+</cvrfdoc>
ERROR: notice openSUSE-SU-2024:0123-1 has no valid patches out of: openSUSE-2024-123
no cpe found for SUSE Package Hub 15 SP5
no cpe found for SUSE Package Hub 15 SP6
--- cvrf-opensuse-su-2024:0341-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-opensuse-su-2024:0341-1.xml.new.formatted	2024-10-29 08:22:48.066377000 +0100
@@ -0,0 +1,241 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
+  <DocumentTitle xml:lang="en">Security update for chromium</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>openSUSE-SU-2024:0341-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T15:20:35Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T15:20:35Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T15:20:35Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for chromium</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This update for chromium fixes the following issues:
+
+Chromium 130.0.6723.69 (boo#1232060)
+
+  * CVE-2024-10229: Inappropriate implementation in Extensions
+  * CVE-2024-10230: Type Confusion in V8
+  * CVE-2024-10231: Type Confusion in V8
+</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">openSUSE-2024-341</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PEJPFZ7F3SICZGHQRWBWYOGKITIYN67/</URL>
+      <Description>E-Mail link for openSUSE-SU-2024:0341-1</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://bugzilla.suse.com/1232060</URL>
+      <Description>SUSE Bug 1232060</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-10229/</URL>
+      <Description>SUSE CVE CVE-2024-10229 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-10230/</URL>
+      <Description>SUSE CVE CVE-2024-10230 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-10231/</URL>
+      <Description>SUSE CVE CVE-2024-10231 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
+    <Branch Type="Product Family" Name="SUSE Package Hub 15 SP5">
+      <Branch Type="Product Name" Name="SUSE Package Hub 15 SP5">
+        <FullProductName ProductID="SUSE Package Hub 15 SP5">SUSE Package Hub 15 SP5</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Family" Name="SUSE Package Hub 15 SP6">
+      <Branch Type="Product Name" Name="SUSE Package Hub 15 SP6">
+        <FullProductName ProductID="SUSE Package Hub 15 SP6">SUSE Package Hub 15 SP6</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Family" Name="openSUSE Leap 15.5">
+      <Branch Type="Product Name" Name="openSUSE Leap 15.5">
+        <FullProductName ProductID="openSUSE Leap 15.5" CPE="cpe:/o:opensuse:leap:15.5">openSUSE Leap 15.5</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Family" Name="openSUSE Leap 15.6">
+      <Branch Type="Product Name" Name="openSUSE Leap 15.6">
+        <FullProductName ProductID="openSUSE Leap 15.6" CPE="cpe:/o:opensuse:leap:15.6">openSUSE Leap 15.6</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="chromedriver-130.0.6723.69-bp156.2.44.1">
+      <FullProductName ProductID="chromedriver-130.0.6723.69-bp156.2.44.1">chromedriver-130.0.6723.69-bp156.2.44.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="chromium-130.0.6723.69-bp156.2.44.1">
+      <FullProductName ProductID="chromium-130.0.6723.69-bp156.2.44.1">chromium-130.0.6723.69-bp156.2.44.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="chromedriver-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Package Hub 15 SP5">
+      <FullProductName ProductID="SUSE Package Hub 15 SP5:chromedriver-130.0.6723.69-bp156.2.44.1">chromedriver-130.0.6723.69-bp156.2.44.1 as a component of SUSE Package Hub 15 SP5</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromium-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Package Hub 15 SP5">
+      <FullProductName ProductID="SUSE Package Hub 15 SP5:chromium-130.0.6723.69-bp156.2.44.1">chromium-130.0.6723.69-bp156.2.44.1 as a component of SUSE Package Hub 15 SP5</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromedriver-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Package Hub 15 SP6">
+      <FullProductName ProductID="SUSE Package Hub 15 SP6:chromedriver-130.0.6723.69-bp156.2.44.1">chromedriver-130.0.6723.69-bp156.2.44.1 as a component of SUSE Package Hub 15 SP6</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromium-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Package Hub 15 SP6">
+      <FullProductName ProductID="SUSE Package Hub 15 SP6:chromium-130.0.6723.69-bp156.2.44.1">chromium-130.0.6723.69-bp156.2.44.1 as a component of SUSE Package Hub 15 SP6</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromedriver-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.5">
+      <FullProductName ProductID="openSUSE Leap 15.5:chromedriver-130.0.6723.69-bp156.2.44.1">chromedriver-130.0.6723.69-bp156.2.44.1 as a component of openSUSE Leap 15.5</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromium-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.5">
+      <FullProductName ProductID="openSUSE Leap 15.5:chromium-130.0.6723.69-bp156.2.44.1">chromium-130.0.6723.69-bp156.2.44.1 as a component of openSUSE Leap 15.5</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromedriver-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
+      <FullProductName ProductID="openSUSE Leap 15.6:chromedriver-130.0.6723.69-bp156.2.44.1">chromedriver-130.0.6723.69-bp156.2.44.1 as a component of openSUSE Leap 15.6</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromium-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
+      <FullProductName ProductID="openSUSE Leap 15.6:chromium-130.0.6723.69-bp156.2.44.1">chromium-130.0.6723.69-bp156.2.44.1 as a component of openSUSE Leap 15.6</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)</Note>
+    </Notes>
+    <CVE>CVE-2024-10229</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>SUSE Package Hub 15 SP5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL>https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PEJPFZ7F3SICZGHQRWBWYOGKITIYN67/</URL>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-10229.html</URL>
+        <Description>CVE-2024-10229</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1232060</URL>
+        <Description>SUSE Bug 1232060</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</Note>
+    </Notes>
+    <CVE>CVE-2024-10230</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>SUSE Package Hub 15 SP5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL>https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PEJPFZ7F3SICZGHQRWBWYOGKITIYN67/</URL>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-10230.html</URL>
+        <Description>CVE-2024-10230</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1232060</URL>
+        <Description>SUSE Bug 1232060</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="3">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</Note>
+    </Notes>
+    <CVE>CVE-2024-10231</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>SUSE Package Hub 15 SP5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL>https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PEJPFZ7F3SICZGHQRWBWYOGKITIYN67/</URL>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-10231.html</URL>
+        <Description>CVE-2024-10231</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1232060</URL>
+        <Description>SUSE Bug 1232060</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+</cvrfdoc>
no cpe found for SUSE Package Hub 15 SP5
no cpe found for SUSE Package Hub 15 SP6
--- cvrf-opensuse-su-2024:0341-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-opensuse-su-2024:0341-1.xml.new.formatted	2024-10-29 08:22:48.454357000 +0100
@@ -0,0 +1,259 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:cvrf="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf" xmlns:cvrf-common="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common" xmlns:cvssv2="http://scap.nist.gov/schema/cvss-v2/1.0" xmlns:cvssv3="https://www.first.org/cvss/cvss-v3.0.xsd" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ns0="http://purl.org/dc/elements/1.1/" xmlns:prod="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/1.0" xmlns:sch="http://purl.oclc.org/dsdl/schematron" xmlns:vuln="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf">
+  <DocumentTitle xml:lang="en">Security update for chromium</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>openSUSE-SU-2024:0341-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T15:20:35Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T15:20:35Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T15:20:35Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for chromium</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This update for chromium fixes the following issues:
+
+Chromium 130.0.6723.69 (boo#1232060)
+
+  * CVE-2024-10229: Inappropriate implementation in Extensions
+  * CVE-2024-10230: Type Confusion in V8
+  * CVE-2024-10231: Type Confusion in V8
+</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">openSUSE-2024-341</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PEJPFZ7F3SICZGHQRWBWYOGKITIYN67/</URL>
+      <Description>E-Mail link for openSUSE-SU-2024:0341-1</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://bugzilla.suse.com/1232060</URL>
+      <Description>SUSE Bug 1232060</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-10229/</URL>
+      <Description>SUSE CVE CVE-2024-10229 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-10230/</URL>
+      <Description>SUSE CVE CVE-2024-10230 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-10231/</URL>
+      <Description>SUSE CVE CVE-2024-10231 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
+    <Branch Type="Product Family" Name="SUSE Package Hub 15 SP5">
+      <Branch Type="Product Name" Name="SUSE Package Hub 15 SP5">
+        <FullProductName ProductID="SUSE Package Hub 15 SP5">SUSE Package Hub 15 SP5</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Family" Name="SUSE Package Hub 15 SP6">
+      <Branch Type="Product Name" Name="SUSE Package Hub 15 SP6">
+        <FullProductName ProductID="SUSE Package Hub 15 SP6">SUSE Package Hub 15 SP6</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Family" Name="openSUSE Leap 15.5">
+      <Branch Type="Product Name" Name="openSUSE Leap 15.5">
+        <FullProductName ProductID="openSUSE Leap 15.5" CPE="cpe:/o:opensuse:leap:15.5">openSUSE Leap 15.5</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Family" Name="openSUSE Leap 15.6">
+      <Branch Type="Product Name" Name="openSUSE Leap 15.6">
+        <FullProductName ProductID="openSUSE Leap 15.6" CPE="cpe:/o:opensuse:leap:15.6">openSUSE Leap 15.6</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="chromedriver-130.0.6723.69-bp156.2.44.1">
+      <FullProductName ProductID="chromedriver-130.0.6723.69-bp156.2.44.1">chromedriver-130.0.6723.69-bp156.2.44.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="chromium-130.0.6723.69-bp156.2.44.1">
+      <FullProductName ProductID="chromium-130.0.6723.69-bp156.2.44.1">chromium-130.0.6723.69-bp156.2.44.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="chromedriver-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Package Hub 15 SP5">
+      <FullProductName ProductID="SUSE Package Hub 15 SP5:chromedriver-130.0.6723.69-bp156.2.44.1">chromedriver-130.0.6723.69-bp156.2.44.1 as a component of SUSE Package Hub 15 SP5</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromium-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Package Hub 15 SP5">
+      <FullProductName ProductID="SUSE Package Hub 15 SP5:chromium-130.0.6723.69-bp156.2.44.1">chromium-130.0.6723.69-bp156.2.44.1 as a component of SUSE Package Hub 15 SP5</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromedriver-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Package Hub 15 SP6">
+      <FullProductName ProductID="SUSE Package Hub 15 SP6:chromedriver-130.0.6723.69-bp156.2.44.1">chromedriver-130.0.6723.69-bp156.2.44.1 as a component of SUSE Package Hub 15 SP6</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromium-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="SUSE Package Hub 15 SP6">
+      <FullProductName ProductID="SUSE Package Hub 15 SP6:chromium-130.0.6723.69-bp156.2.44.1">chromium-130.0.6723.69-bp156.2.44.1 as a component of SUSE Package Hub 15 SP6</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromedriver-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.5">
+      <FullProductName ProductID="openSUSE Leap 15.5:chromedriver-130.0.6723.69-bp156.2.44.1">chromedriver-130.0.6723.69-bp156.2.44.1 as a component of openSUSE Leap 15.5</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromium-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.5">
+      <FullProductName ProductID="openSUSE Leap 15.5:chromium-130.0.6723.69-bp156.2.44.1">chromium-130.0.6723.69-bp156.2.44.1 as a component of openSUSE Leap 15.5</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromedriver-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
+      <FullProductName ProductID="openSUSE Leap 15.6:chromedriver-130.0.6723.69-bp156.2.44.1">chromedriver-130.0.6723.69-bp156.2.44.1 as a component of openSUSE Leap 15.6</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="chromium-130.0.6723.69-bp156.2.44.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.6">
+      <FullProductName ProductID="openSUSE Leap 15.6:chromium-130.0.6723.69-bp156.2.44.1">chromium-130.0.6723.69-bp156.2.44.1 as a component of openSUSE Leap 15.6</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)</Note>
+    </Notes>
+    <CVE>CVE-2024-10229</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>SUSE Package Hub 15 SP5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>8.1</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL>https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PEJPFZ7F3SICZGHQRWBWYOGKITIYN67/</URL>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-10229.html</URL>
+        <Description>CVE-2024-10229</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1232060</URL>
+        <Description>SUSE Bug 1232060</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="2">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</Note>
+    </Notes>
+    <CVE>CVE-2024-10230</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>SUSE Package Hub 15 SP5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>8.8</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL>https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PEJPFZ7F3SICZGHQRWBWYOGKITIYN67/</URL>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-10230.html</URL>
+        <Description>CVE-2024-10230</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1232060</URL>
+        <Description>SUSE Bug 1232060</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="3">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</Note>
+    </Notes>
+    <CVE>CVE-2024-10231</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>SUSE Package Hub 15 SP5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>SUSE Package Hub 15 SP6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.5:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromedriver-130.0.6723.69-bp156.2.44.1</ProductID>
+        <ProductID>openSUSE Leap 15.6:chromium-130.0.6723.69-bp156.2.44.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>8.8</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL>https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PEJPFZ7F3SICZGHQRWBWYOGKITIYN67/</URL>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-10231.html</URL>
+        <Description>CVE-2024-10231</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1232060</URL>
+        <Description>SUSE Bug 1232060</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+</cvrfdoc>
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
--- cvrf-opensuse-su-2024:14431-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-opensuse-su-2024:14431-1.xml.new.formatted	2024-10-29 08:22:54.070087000 +0100
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
+  <DocumentTitle xml:lang="en">grafana-11.3.0-1.1 on GA media</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>openSUSE-SU-2024:14431-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T00:00:00Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T00:00:00Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T00:00:00Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">grafana-11.3.0-1.1 on GA media</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">These are all security issues fixed in the grafana-11.3.0-1.1 package on the GA media of openSUSE Tumbleweed.</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">openSUSE-Tumbleweed-2024-14431</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-8118/</URL>
+      <Description>SUSE CVE CVE-2024-8118 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-9264/</URL>
+      <Description>SUSE CVE CVE-2024-9264 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
+    <Branch Type="Product Family" Name="openSUSE Tumbleweed">
+      <Branch Type="Product Name" Name="openSUSE Tumbleweed">
+        <FullProductName ProductID="openSUSE Tumbleweed" CPE="cpe:/o:opensuse:tumbleweed">openSUSE Tumbleweed</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="grafana-11.3.0-1.1">
+      <FullProductName ProductID="grafana-11.3.0-1.1">grafana-11.3.0-1.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="grafana-11.3.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:grafana-11.3.0-1.1">grafana-11.3.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.</Note>
+    </Notes>
+    <CVE>CVE-2024-8118</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:grafana-11.3.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-8118.html</URL>
+        <Description>CVE-2024-8118</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231024</URL>
+        <Description>SUSE Bug 1231024</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack.  The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.</Note>
+    </Notes>
+    <CVE>CVE-2024-9264</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:grafana-11.3.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-9264.html</URL>
+        <Description>CVE-2024-9264</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231844</URL>
+        <Description>SUSE Bug 1231844</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+</cvrfdoc>
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
--- cvrf-opensuse-su-2024:14431-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-opensuse-su-2024:14431-1.xml.new.formatted	2024-10-29 08:22:54.363045000 +0100
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:cvrf="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf" xmlns:cvrf-common="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common" xmlns:cvssv2="http://scap.nist.gov/schema/cvss-v2/1.0" xmlns:cvssv3="https://www.first.org/cvss/cvss-v3.0.xsd" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ns0="http://purl.org/dc/elements/1.1/" xmlns:prod="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/1.0" xmlns:sch="http://purl.oclc.org/dsdl/schematron" xmlns:vuln="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf">
+  <DocumentTitle xml:lang="en">grafana-11.3.0-1.1 on GA media</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>openSUSE-SU-2024:14431-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T00:00:00Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T00:00:00Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T00:00:00Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">grafana-11.3.0-1.1 on GA media</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">These are all security issues fixed in the grafana-11.3.0-1.1 package on the GA media of openSUSE Tumbleweed.</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">openSUSE-Tumbleweed-2024-14431</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-8118/</URL>
+      <Description>SUSE CVE CVE-2024-8118 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-9264/</URL>
+      <Description>SUSE CVE CVE-2024-9264 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
+    <Branch Type="Product Family" Name="openSUSE Tumbleweed">
+      <Branch Type="Product Name" Name="openSUSE Tumbleweed">
+        <FullProductName ProductID="openSUSE Tumbleweed" CPE="cpe:/o:opensuse:tumbleweed">openSUSE Tumbleweed</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="grafana-11.3.0-1.1">
+      <FullProductName ProductID="grafana-11.3.0-1.1">grafana-11.3.0-1.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="grafana-11.3.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:grafana-11.3.0-1.1">grafana-11.3.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.</Note>
+    </Notes>
+    <CVE>CVE-2024-8118</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:grafana-11.3.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>4.7</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-8118.html</URL>
+        <Description>CVE-2024-8118</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231024</URL>
+        <Description>SUSE Bug 1231024</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="2">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack.  The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.</Note>
+    </Notes>
+    <CVE>CVE-2024-9264</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:grafana-11.3.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>critical</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>9.9</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-9264.html</URL>
+        <Description>CVE-2024-9264</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231844</URL>
+        <Description>SUSE Bug 1231844</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+</cvrfdoc>
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
--- cvrf-opensuse-su-2024:14432-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-opensuse-su-2024:14432-1.xml.new.formatted	2024-10-29 08:22:54.697041000 +0100
@@ -0,0 +1,263 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
+  <DocumentTitle xml:lang="en">java-11-openjdk-11.0.25.0-1.1 on GA media</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>openSUSE-SU-2024:14432-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T00:00:00Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T00:00:00Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T00:00:00Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">java-11-openjdk-11.0.25.0-1.1 on GA media</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">These are all security issues fixed in the java-11-openjdk-11.0.25.0-1.1 package on the GA media of openSUSE Tumbleweed.</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">openSUSE-Tumbleweed-2024-14432</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-21208/</URL>
+      <Description>SUSE CVE CVE-2024-21208 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-21210/</URL>
+      <Description>SUSE CVE CVE-2024-21210 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-21217/</URL>
+      <Description>SUSE CVE CVE-2024-21217 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-21235/</URL>
+      <Description>SUSE CVE CVE-2024-21235 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
+    <Branch Type="Product Family" Name="openSUSE Tumbleweed">
+      <Branch Type="Product Name" Name="openSUSE Tumbleweed">
+        <FullProductName ProductID="openSUSE Tumbleweed" CPE="cpe:/o:opensuse:tumbleweed">openSUSE Tumbleweed</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-11.0.25.0-1.1">java-11-openjdk-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-demo-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-demo-11.0.25.0-1.1">java-11-openjdk-demo-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-devel-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-devel-11.0.25.0-1.1">java-11-openjdk-devel-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-headless-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-headless-11.0.25.0-1.1">java-11-openjdk-headless-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-javadoc-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-javadoc-11.0.25.0-1.1">java-11-openjdk-javadoc-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-jmods-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-jmods-11.0.25.0-1.1">java-11-openjdk-jmods-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-src-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-src-11.0.25.0-1.1">java-11-openjdk-src-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="java-11-openjdk-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-11.0.25.0-1.1">java-11-openjdk-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-demo-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-demo-11.0.25.0-1.1">java-11-openjdk-demo-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-devel-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-devel-11.0.25.0-1.1">java-11-openjdk-devel-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-headless-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-headless-11.0.25.0-1.1">java-11-openjdk-headless-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-javadoc-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.25.0-1.1">java-11-openjdk-javadoc-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-jmods-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.25.0-1.1">java-11-openjdk-jmods-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-src-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-src-11.0.25.0-1.1">java-11-openjdk-src-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).</Note>
+    </Notes>
+    <CVE>CVE-2024-21208</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-demo-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-devel-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-headless-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-src-11.0.25.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-21208.html</URL>
+        <Description>CVE-2024-21208</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231702</URL>
+        <Description>SUSE Bug 1231702</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and  23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).</Note>
+    </Notes>
+    <CVE>CVE-2024-21210</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-demo-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-devel-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-headless-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-src-11.0.25.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-21210.html</URL>
+        <Description>CVE-2024-21210</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231711</URL>
+        <Description>SUSE Bug 1231711</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="3">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).</Note>
+    </Notes>
+    <CVE>CVE-2024-21217</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-demo-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-devel-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-headless-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-src-11.0.25.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-21217.html</URL>
+        <Description>CVE-2024-21217</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231716</URL>
+        <Description>SUSE Bug 1231716</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="4">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23;   Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;   Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).</Note>
+    </Notes>
+    <CVE>CVE-2024-21235</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-demo-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-devel-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-headless-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-src-11.0.25.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-21235.html</URL>
+        <Description>CVE-2024-21235</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231719</URL>
+        <Description>SUSE Bug 1231719</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+</cvrfdoc>
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
--- cvrf-opensuse-su-2024:14432-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-opensuse-su-2024:14432-1.xml.new.formatted	2024-10-29 08:22:55.061006000 +0100
@@ -0,0 +1,287 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:cvrf="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf" xmlns:cvrf-common="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common" xmlns:cvssv2="http://scap.nist.gov/schema/cvss-v2/1.0" xmlns:cvssv3="https://www.first.org/cvss/cvss-v3.0.xsd" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ns0="http://purl.org/dc/elements/1.1/" xmlns:prod="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/1.0" xmlns:sch="http://purl.oclc.org/dsdl/schematron" xmlns:vuln="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf">
+  <DocumentTitle xml:lang="en">java-11-openjdk-11.0.25.0-1.1 on GA media</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>openSUSE-SU-2024:14432-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T00:00:00Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T00:00:00Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T00:00:00Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">java-11-openjdk-11.0.25.0-1.1 on GA media</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">These are all security issues fixed in the java-11-openjdk-11.0.25.0-1.1 package on the GA media of openSUSE Tumbleweed.</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">openSUSE-Tumbleweed-2024-14432</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-21208/</URL>
+      <Description>SUSE CVE CVE-2024-21208 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-21210/</URL>
+      <Description>SUSE CVE CVE-2024-21210 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-21217/</URL>
+      <Description>SUSE CVE CVE-2024-21217 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-21235/</URL>
+      <Description>SUSE CVE CVE-2024-21235 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
+    <Branch Type="Product Family" Name="openSUSE Tumbleweed">
+      <Branch Type="Product Name" Name="openSUSE Tumbleweed">
+        <FullProductName ProductID="openSUSE Tumbleweed" CPE="cpe:/o:opensuse:tumbleweed">openSUSE Tumbleweed</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-11.0.25.0-1.1">java-11-openjdk-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-demo-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-demo-11.0.25.0-1.1">java-11-openjdk-demo-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-devel-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-devel-11.0.25.0-1.1">java-11-openjdk-devel-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-headless-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-headless-11.0.25.0-1.1">java-11-openjdk-headless-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-javadoc-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-javadoc-11.0.25.0-1.1">java-11-openjdk-javadoc-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-jmods-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-jmods-11.0.25.0-1.1">java-11-openjdk-jmods-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="java-11-openjdk-src-11.0.25.0-1.1">
+      <FullProductName ProductID="java-11-openjdk-src-11.0.25.0-1.1">java-11-openjdk-src-11.0.25.0-1.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="java-11-openjdk-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-11.0.25.0-1.1">java-11-openjdk-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-demo-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-demo-11.0.25.0-1.1">java-11-openjdk-demo-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-devel-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-devel-11.0.25.0-1.1">java-11-openjdk-devel-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-headless-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-headless-11.0.25.0-1.1">java-11-openjdk-headless-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-javadoc-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.25.0-1.1">java-11-openjdk-javadoc-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-jmods-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.25.0-1.1">java-11-openjdk-jmods-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="java-11-openjdk-src-11.0.25.0-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:java-11-openjdk-src-11.0.25.0-1.1">java-11-openjdk-src-11.0.25.0-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).</Note>
+    </Notes>
+    <CVE>CVE-2024-21208</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-demo-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-devel-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-headless-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-src-11.0.25.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>3.7</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-21208.html</URL>
+        <Description>CVE-2024-21208</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231702</URL>
+        <Description>SUSE Bug 1231702</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="2">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and  23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).</Note>
+    </Notes>
+    <CVE>CVE-2024-21210</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-demo-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-devel-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-headless-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-src-11.0.25.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>3.7</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-21210.html</URL>
+        <Description>CVE-2024-21210</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231711</URL>
+        <Description>SUSE Bug 1231711</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="3">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).</Note>
+    </Notes>
+    <CVE>CVE-2024-21217</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-demo-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-devel-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-headless-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-src-11.0.25.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>3.7</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-21217.html</URL>
+        <Description>CVE-2024-21217</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231716</URL>
+        <Description>SUSE Bug 1231716</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="4">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23;   Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;   Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).</Note>
+    </Notes>
+    <CVE>CVE-2024-21235</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-demo-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-devel-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-headless-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.25.0-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:java-11-openjdk-src-11.0.25.0-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>4.8</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-21235.html</URL>
+        <Description>CVE-2024-21235</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231719</URL>
+        <Description>SUSE Bug 1231719</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+</cvrfdoc>
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
--- cvrf-opensuse-su-2024:14433-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-opensuse-su-2024:14433-1.xml.new.formatted	2024-10-29 08:22:55.375989000 +0100
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
+  <DocumentTitle xml:lang="en">python310-pytest-html-4.1.1-3.1 on GA media</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>openSUSE-SU-2024:14433-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T00:00:00Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T00:00:00Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T00:00:00Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">python310-pytest-html-4.1.1-3.1 on GA media</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">These are all security issues fixed in the python310-pytest-html-4.1.1-3.1 package on the GA media of openSUSE Tumbleweed.</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">openSUSE-Tumbleweed-2024-14433</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-48948/</URL>
+      <Description>SUSE CVE CVE-2024-48948 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
+    <Branch Type="Product Family" Name="openSUSE Tumbleweed">
+      <Branch Type="Product Name" Name="openSUSE Tumbleweed">
+        <FullProductName ProductID="openSUSE Tumbleweed" CPE="cpe:/o:opensuse:tumbleweed">openSUSE Tumbleweed</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="python310-pytest-html-4.1.1-3.1">
+      <FullProductName ProductID="python310-pytest-html-4.1.1-3.1">python310-pytest-html-4.1.1-3.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python311-pytest-html-4.1.1-3.1">
+      <FullProductName ProductID="python311-pytest-html-4.1.1-3.1">python311-pytest-html-4.1.1-3.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python312-pytest-html-4.1.1-3.1">
+      <FullProductName ProductID="python312-pytest-html-4.1.1-3.1">python312-pytest-html-4.1.1-3.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="python310-pytest-html-4.1.1-3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python310-pytest-html-4.1.1-3.1">python310-pytest-html-4.1.1-3.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python311-pytest-html-4.1.1-3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python311-pytest-html-4.1.1-3.1">python311-pytest-html-4.1.1-3.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python312-pytest-html-4.1.1-3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python312-pytest-html-4.1.1-3.1">python312-pytest-html-4.1.1-3.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.</Note>
+    </Notes>
+    <CVE>CVE-2024-48948</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python310-pytest-html-4.1.1-3.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python311-pytest-html-4.1.1-3.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python312-pytest-html-4.1.1-3.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-48948.html</URL>
+        <Description>CVE-2024-48948</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231681</URL>
+        <Description>SUSE Bug 1231681</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+</cvrfdoc>
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
--- cvrf-opensuse-su-2024:14433-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-opensuse-su-2024:14433-1.xml.new.formatted	2024-10-29 08:22:55.689972000 +0100
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:cvrf="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf" xmlns:cvrf-common="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common" xmlns:cvssv2="http://scap.nist.gov/schema/cvss-v2/1.0" xmlns:cvssv3="https://www.first.org/cvss/cvss-v3.0.xsd" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ns0="http://purl.org/dc/elements/1.1/" xmlns:prod="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/1.0" xmlns:sch="http://purl.oclc.org/dsdl/schematron" xmlns:vuln="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf">
+  <DocumentTitle xml:lang="en">python310-pytest-html-4.1.1-3.1 on GA media</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>openSUSE-SU-2024:14433-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T00:00:00Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T00:00:00Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T00:00:00Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">python310-pytest-html-4.1.1-3.1 on GA media</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">These are all security issues fixed in the python310-pytest-html-4.1.1-3.1 package on the GA media of openSUSE Tumbleweed.</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">openSUSE-Tumbleweed-2024-14433</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-48948/</URL>
+      <Description>SUSE CVE CVE-2024-48948 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
+    <Branch Type="Product Family" Name="openSUSE Tumbleweed">
+      <Branch Type="Product Name" Name="openSUSE Tumbleweed">
+        <FullProductName ProductID="openSUSE Tumbleweed" CPE="cpe:/o:opensuse:tumbleweed">openSUSE Tumbleweed</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="python310-pytest-html-4.1.1-3.1">
+      <FullProductName ProductID="python310-pytest-html-4.1.1-3.1">python310-pytest-html-4.1.1-3.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python311-pytest-html-4.1.1-3.1">
+      <FullProductName ProductID="python311-pytest-html-4.1.1-3.1">python311-pytest-html-4.1.1-3.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python312-pytest-html-4.1.1-3.1">
+      <FullProductName ProductID="python312-pytest-html-4.1.1-3.1">python312-pytest-html-4.1.1-3.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="python310-pytest-html-4.1.1-3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python310-pytest-html-4.1.1-3.1">python310-pytest-html-4.1.1-3.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python311-pytest-html-4.1.1-3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python311-pytest-html-4.1.1-3.1">python311-pytest-html-4.1.1-3.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python312-pytest-html-4.1.1-3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python312-pytest-html-4.1.1-3.1">python312-pytest-html-4.1.1-3.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.</Note>
+    </Notes>
+    <CVE>CVE-2024-48948</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python310-pytest-html-4.1.1-3.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python311-pytest-html-4.1.1-3.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python312-pytest-html-4.1.1-3.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>4.8</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-48948.html</URL>
+        <Description>CVE-2024-48948</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1231681</URL>
+        <Description>SUSE Bug 1231681</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+</cvrfdoc>
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
--- cvrf-opensuse-su-2024:14434-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-opensuse-su-2024:14434-1.xml.new.formatted	2024-10-29 08:22:56.129454000 +0100
@@ -0,0 +1,1923 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
+  <DocumentTitle xml:lang="en">python314-3.14.0~a1-1.1 on GA media</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>openSUSE-SU-2024:14434-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T00:00:00Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T00:00:00Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T00:00:00Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">python314-3.14.0~a1-1.1 on GA media</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">These are all security issues fixed in the python314-3.14.0~a1-1.1 package on the GA media of openSUSE Tumbleweed.</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">openSUSE-Tumbleweed-2024-14434</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2011-3389/</URL>
+      <Description>SUSE CVE CVE-2011-3389 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2011-4944/</URL>
+      <Description>SUSE CVE CVE-2011-4944 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2012-0845/</URL>
+      <Description>SUSE CVE CVE-2012-0845 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2012-1150/</URL>
+      <Description>SUSE CVE CVE-2012-1150 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2013-1752/</URL>
+      <Description>SUSE CVE CVE-2013-1752 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2013-4238/</URL>
+      <Description>SUSE CVE CVE-2013-4238 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2014-2667/</URL>
+      <Description>SUSE CVE CVE-2014-2667 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2014-4650/</URL>
+      <Description>SUSE CVE CVE-2014-4650 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2019-20907/</URL>
+      <Description>SUSE CVE CVE-2019-20907 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2019-5010/</URL>
+      <Description>SUSE CVE CVE-2019-5010 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2019-9947/</URL>
+      <Description>SUSE CVE CVE-2019-9947 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2020-10735/</URL>
+      <Description>SUSE CVE CVE-2020-10735 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2020-15523/</URL>
+      <Description>SUSE CVE CVE-2020-15523 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2020-15801/</URL>
+      <Description>SUSE CVE CVE-2020-15801 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2020-8492/</URL>
+      <Description>SUSE CVE CVE-2020-8492 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2021-23336/</URL>
+      <Description>SUSE CVE CVE-2021-23336 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2021-3177/</URL>
+      <Description>SUSE CVE CVE-2021-3177 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2021-3426/</URL>
+      <Description>SUSE CVE CVE-2021-3426 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2022-25236/</URL>
+      <Description>SUSE CVE CVE-2022-25236 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2022-42919/</URL>
+      <Description>SUSE CVE CVE-2022-42919 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2022-45061/</URL>
+      <Description>SUSE CVE CVE-2022-45061 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-0286/</URL>
+      <Description>SUSE CVE CVE-2023-0286 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-24329/</URL>
+      <Description>SUSE CVE CVE-2023-24329 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-2650/</URL>
+      <Description>SUSE CVE CVE-2023-2650 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-27043/</URL>
+      <Description>SUSE CVE CVE-2023-27043 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-40217/</URL>
+      <Description>SUSE CVE CVE-2023-40217 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-52425/</URL>
+      <Description>SUSE CVE CVE-2023-52425 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-4030/</URL>
+      <Description>SUSE CVE CVE-2024-4030 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-4032/</URL>
+      <Description>SUSE CVE CVE-2024-4032 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-6232/</URL>
+      <Description>SUSE CVE CVE-2024-6232 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-6923/</URL>
+      <Description>SUSE CVE CVE-2024-6923 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-7592/</URL>
+      <Description>SUSE CVE CVE-2024-7592 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-8088/</URL>
+      <Description>SUSE CVE CVE-2024-8088 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
+    <Branch Type="Product Family" Name="openSUSE Tumbleweed">
+      <Branch Type="Product Name" Name="openSUSE Tumbleweed">
+        <FullProductName ProductID="openSUSE Tumbleweed" CPE="cpe:/o:opensuse:tumbleweed">openSUSE Tumbleweed</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-3.14.0~a1-1.1">python314-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-curses-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-curses-3.14.0~a1-1.1">python314-curses-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-dbm-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-dbm-3.14.0~a1-1.1">python314-dbm-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-idle-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-idle-3.14.0~a1-1.1">python314-idle-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-tk-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-tk-3.14.0~a1-1.1">python314-tk-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-x86-64-v3-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-x86-64-v3-3.14.0~a1-1.1">python314-x86-64-v3-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="python314-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-3.14.0~a1-1.1">python314-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python314-curses-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1">python314-curses-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python314-dbm-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1">python314-dbm-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python314-idle-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1">python314-idle-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python314-tk-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1">python314-tk-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python314-x86-64-v3-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1">python314-x86-64-v3-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.</Note>
+    </Notes>
+    <CVE>CVE-2011-3389</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>4.3</BaseScore>
+        <Vector>AV:N/AC:M/Au:N/C:P/I:N/A:N</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2011-3389.html</URL>
+        <Description>CVE-2011-3389</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/716002</URL>
+        <Description>SUSE Bug 716002</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/719047</URL>
+        <Description>SUSE Bug 719047</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/725167</URL>
+        <Description>SUSE Bug 725167</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/726096</URL>
+        <Description>SUSE Bug 726096</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/739248</URL>
+        <Description>SUSE Bug 739248</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/739256</URL>
+        <Description>SUSE Bug 739256</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/742306</URL>
+        <Description>SUSE Bug 742306</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/751718</URL>
+        <Description>SUSE Bug 751718</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/759666</URL>
+        <Description>SUSE Bug 759666</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/763598</URL>
+        <Description>SUSE Bug 763598</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/814655</URL>
+        <Description>SUSE Bug 814655</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.</Note>
+    </Notes>
+    <CVE>CVE-2011-4944</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>1.9</BaseScore>
+        <Vector>AV:L/AC:M/Au:N/C:P/I:N/A:N</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2011-4944.html</URL>
+        <Description>CVE-2011-4944</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/754447</URL>
+        <Description>SUSE Bug 754447</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="3">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.</Note>
+    </Notes>
+    <CVE>CVE-2012-0845</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>5</BaseScore>
+        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2012-0845.html</URL>
+        <Description>CVE-2012-0845</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/747125</URL>
+        <Description>SUSE Bug 747125</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="4">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.</Note>
+    </Notes>
+    <CVE>CVE-2012-1150</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>5</BaseScore>
+        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2012-1150.html</URL>
+        <Description>CVE-2012-1150</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/751718</URL>
+        <Description>SUSE Bug 751718</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/755383</URL>
+        <Description>SUSE Bug 755383</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/826682</URL>
+        <Description>SUSE Bug 826682</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="5">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions.</Note>
+    </Notes>
+    <CVE>CVE-2013-1752</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2013-1752.html</URL>
+        <Description>CVE-2013-1752</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/856835</URL>
+        <Description>SUSE Bug 856835</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/856836</URL>
+        <Description>SUSE Bug 856836</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/863741</URL>
+        <Description>SUSE Bug 863741</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/885882</URL>
+        <Description>SUSE Bug 885882</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/898572</URL>
+        <Description>SUSE Bug 898572</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/912739</URL>
+        <Description>SUSE Bug 912739</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="6">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.</Note>
+    </Notes>
+    <CVE>CVE-2013-4238</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>4.3</BaseScore>
+        <Vector>AV:N/AC:M/Au:N/C:N/I:P/A:N</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2013-4238.html</URL>
+        <Description>CVE-2013-4238</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/834601</URL>
+        <Description>SUSE Bug 834601</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/839107</URL>
+        <Description>SUSE Bug 839107</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/882915</URL>
+        <Description>SUSE Bug 882915</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/912739</URL>
+        <Description>SUSE Bug 912739</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="7">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.</Note>
+    </Notes>
+    <CVE>CVE-2014-2667</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>3.3</BaseScore>
+        <Vector>AV:L/AC:M/Au:N/C:P/I:P/A:N</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2014-2667.html</URL>
+        <Description>CVE-2014-2667</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/871152</URL>
+        <Description>SUSE Bug 871152</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="8">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.</Note>
+    </Notes>
+    <CVE>CVE-2014-4650</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>7.5</BaseScore>
+        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2014-4650.html</URL>
+        <Description>CVE-2014-4650</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/856835</URL>
+        <Description>SUSE Bug 856835</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/856836</URL>
+        <Description>SUSE Bug 856836</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/863741</URL>
+        <Description>SUSE Bug 863741</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/885882</URL>
+        <Description>SUSE Bug 885882</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/898572</URL>
+        <Description>SUSE Bug 898572</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/912739</URL>
+        <Description>SUSE Bug 912739</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="9">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.</Note>
+    </Notes>
+    <CVE>CVE-2019-20907</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>5</BaseScore>
+        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2019-20907.html</URL>
+        <Description>CVE-2019-20907</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1174091</URL>
+        <Description>SUSE Bug 1174091</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="10">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.</Note>
+    </Notes>
+    <CVE>CVE-2019-5010</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>5</BaseScore>
+        <Vector>AV:N/AC:L/Au:N/C:N/I:N/A:P</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2019-5010.html</URL>
+        <Description>CVE-2019-5010</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1122191</URL>
+        <Description>SUSE Bug 1122191</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1126909</URL>
+        <Description>SUSE Bug 1126909</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="11">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.</Note>
+    </Notes>
+    <CVE>CVE-2019-9947</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>4.3</BaseScore>
+        <Vector>AV:N/AC:M/Au:N/C:N/I:P/A:N</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2019-9947.html</URL>
+        <Description>CVE-2019-9947</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1130840</URL>
+        <Description>SUSE Bug 1130840</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1136184</URL>
+        <Description>SUSE Bug 1136184</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1155094</URL>
+        <Description>SUSE Bug 1155094</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1201559</URL>
+        <Description>SUSE Bug 1201559</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="12">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.</Note>
+    </Notes>
+    <CVE>CVE-2020-10735</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2020-10735.html</URL>
+        <Description>CVE-2020-10735</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1203125</URL>
+        <Description>SUSE Bug 1203125</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1204077</URL>
+        <Description>SUSE Bug 1204077</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1204096</URL>
+        <Description>SUSE Bug 1204096</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1204097</URL>
+        <Description>SUSE Bug 1204097</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1205075</URL>
+        <Description>SUSE Bug 1205075</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1208131</URL>
+        <Description>SUSE Bug 1208131</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="13">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.</Note>
+    </Notes>
+    <CVE>CVE-2020-15523</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>6.9</BaseScore>
+        <Vector>AV:L/AC:M/Au:N/C:C/I:C/A:C</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2020-15523.html</URL>
+        <Description>CVE-2020-15523</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1173745</URL>
+        <Description>SUSE Bug 1173745</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="14">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The &lt;executable-name&gt;._pth file (e.g., the python._pth file) is not affected.</Note>
+    </Notes>
+    <CVE>CVE-2020-15801</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>7.5</BaseScore>
+        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2020-15801.html</URL>
+        <Description>CVE-2020-15801</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1174241</URL>
+        <Description>SUSE Bug 1174241</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="15">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.</Note>
+    </Notes>
+    <CVE>CVE-2020-8492</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>7.1</BaseScore>
+        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:C</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2020-8492.html</URL>
+        <Description>CVE-2020-8492</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1162367</URL>
+        <Description>SUSE Bug 1162367</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="16">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.</Note>
+    </Notes>
+    <CVE>CVE-2021-23336</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>4</BaseScore>
+        <Vector>AV:N/AC:H/Au:N/C:N/I:P/A:P</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2021-23336.html</URL>
+        <Description>CVE-2021-23336</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1182179</URL>
+        <Description>SUSE Bug 1182179</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1182379</URL>
+        <Description>SUSE Bug 1182379</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1182433</URL>
+        <Description>SUSE Bug 1182433</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="17">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.</Note>
+    </Notes>
+    <CVE>CVE-2021-3177</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>7.5</BaseScore>
+        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2021-3177.html</URL>
+        <Description>CVE-2021-3177</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1181126</URL>
+        <Description>SUSE Bug 1181126</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="18">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.</Note>
+    </Notes>
+    <CVE>CVE-2021-3426</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>2.7</BaseScore>
+        <Vector>AV:A/AC:L/Au:S/C:P/I:N/A:N</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2021-3426.html</URL>
+        <Description>CVE-2021-3426</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1183374</URL>
+        <Description>SUSE Bug 1183374</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="19">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.</Note>
+    </Notes>
+    <CVE>CVE-2022-25236</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSet>
+        <BaseScore>7.5</BaseScore>
+        <Vector>AV:N/AC:L/Au:N/C:P/I:P/A:P</Vector>
+      </ScoreSet>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2022-25236.html</URL>
+        <Description>CVE-2022-25236</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1196025</URL>
+        <Description>SUSE Bug 1196025</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1196784</URL>
+        <Description>SUSE Bug 1196784</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1197217</URL>
+        <Description>SUSE Bug 1197217</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1200038</URL>
+        <Description>SUSE Bug 1200038</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1201735</URL>
+        <Description>SUSE Bug 1201735</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="20">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.</Note>
+    </Notes>
+    <CVE>CVE-2022-42919</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2022-42919.html</URL>
+        <Description>CVE-2022-42919</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1204886</URL>
+        <Description>SUSE Bug 1204886</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="21">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.</Note>
+    </Notes>
+    <CVE>CVE-2022-45061</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2022-45061.html</URL>
+        <Description>CVE-2022-45061</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1205244</URL>
+        <Description>SUSE Bug 1205244</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1211488</URL>
+        <Description>SUSE Bug 1211488</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="22">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a type confusion vulnerability relating to X.400 address processing
+inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
+the public structure definition for GENERAL_NAME incorrectly specified the type
+of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
+the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
+ASN1_STRING.
+
+When CRL checking is enabled (i.e. the application sets the
+X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
+arbitrary pointers to a memcmp call, enabling them to read memory contents or
+enact a denial of service. In most cases, the attack requires the attacker to
+provide both the certificate chain and CRL, neither of which need to have a
+valid signature. If the attacker only controls one of these inputs, the other
+input must already contain an X.400 address as a CRL distribution point, which
+is uncommon. As such, this vulnerability is most likely to only affect
+applications which have implemented their own functionality for retrieving CRLs
+over a network.
+
+</Note>
+    </Notes>
+    <CVE>CVE-2023-0286</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-0286.html</URL>
+        <Description>CVE-2023-0286</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1207533</URL>
+        <Description>SUSE Bug 1207533</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1207569</URL>
+        <Description>SUSE Bug 1207569</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1211136</URL>
+        <Description>SUSE Bug 1211136</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1211503</URL>
+        <Description>SUSE Bug 1211503</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1213146</URL>
+        <Description>SUSE Bug 1213146</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1214269</URL>
+        <Description>SUSE Bug 1214269</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1218477</URL>
+        <Description>SUSE Bug 1218477</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1218967</URL>
+        <Description>SUSE Bug 1218967</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1225677</URL>
+        <Description>SUSE Bug 1225677</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="23">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.</Note>
+    </Notes>
+    <CVE>CVE-2023-24329</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-24329.html</URL>
+        <Description>CVE-2023-24329</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1208471</URL>
+        <Description>SUSE Bug 1208471</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1213553</URL>
+        <Description>SUSE Bug 1213553</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1213554</URL>
+        <Description>SUSE Bug 1213554</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1213839</URL>
+        <Description>SUSE Bug 1213839</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1225672</URL>
+        <Description>SUSE Bug 1225672</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="24">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Issue summary: Processing some specially crafted ASN.1 object identifiers or
+data containing them may be very slow.
+
+Impact summary: Applications that use OBJ_obj2txt() directly, or use any of
+the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message
+size limit may experience notable to very long delays when processing those
+messages, which may lead to a Denial of Service.
+
+An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -
+most of which have no size limit.  OBJ_obj2txt() may be used to translate
+an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL
+type ASN1_OBJECT) to its canonical numeric text form, which are the
+sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by
+periods.
+
+When one of the sub-identifiers in the OBJECT IDENTIFIER is very large
+(these are sizes that are seen as absurdly large, taking up tens or hundreds
+of KiBs), the translation to a decimal number in text may take a very long
+time.  The time complexity is O(n^2) with 'n' being the size of the
+sub-identifiers in bytes (*).
+
+With OpenSSL 3.0, support to fetch cryptographic algorithms using names /
+identifiers in string form was introduced.  This includes using OBJECT
+IDENTIFIERs in canonical numeric text form as identifiers for fetching
+algorithms.
+
+Such OBJECT IDENTIFIERs may be received through the ASN.1 structure
+AlgorithmIdentifier, which is commonly used in multiple protocols to specify
+what cryptographic algorithm should be used to sign or verify, encrypt or
+decrypt, or digest passed data.
+
+Applications that call OBJ_obj2txt() directly with untrusted data are
+affected, with any version of OpenSSL.  If the use is for the mere purpose
+of display, the severity is considered low.
+
+In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,
+CMS, CMP/CRMF or TS.  It also impacts anything that processes X.509
+certificates, including simple things like verifying its signature.
+
+The impact on TLS is relatively low, because all versions of OpenSSL have a
+100KiB limit on the peer's certificate chain.  Additionally, this only
+impacts clients, or servers that have explicitly enabled client
+authentication.
+
+In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,
+such as X.509 certificates.  This is assumed to not happen in such a way
+that it would cause a Denial of Service, so these versions are considered
+not affected by this issue in such a way that it would be cause for concern,
+and the severity is therefore considered low.</Note>
+    </Notes>
+    <CVE>CVE-2023-2650</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-2650.html</URL>
+        <Description>CVE-2023-2650</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1211430</URL>
+        <Description>SUSE Bug 1211430</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="25">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.</Note>
+    </Notes>
+    <CVE>CVE-2023-27043</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-27043.html</URL>
+        <Description>CVE-2023-27043</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1210638</URL>
+        <Description>SUSE Bug 1210638</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1222537</URL>
+        <Description>SUSE Bug 1222537</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="26">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)</Note>
+    </Notes>
+    <CVE>CVE-2023-40217</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-40217.html</URL>
+        <Description>CVE-2023-40217</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1214692</URL>
+        <Description>SUSE Bug 1214692</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1217524</URL>
+        <Description>SUSE Bug 1217524</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1218319</URL>
+        <Description>SUSE Bug 1218319</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1218476</URL>
+        <Description>SUSE Bug 1218476</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1218965</URL>
+        <Description>SUSE Bug 1218965</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1219472</URL>
+        <Description>SUSE Bug 1219472</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1219713</URL>
+        <Description>SUSE Bug 1219713</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1221582</URL>
+        <Description>SUSE Bug 1221582</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1224883</URL>
+        <Description>SUSE Bug 1224883</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="27">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.</Note>
+    </Notes>
+    <CVE>CVE-2023-52425</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-52425.html</URL>
+        <Description>CVE-2023-52425</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1219559</URL>
+        <Description>SUSE Bug 1219559</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="28">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.
+
+If you're not using Windows or haven't changed the temporary directory location then you aren't affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.
+
+This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix "700" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.</Note>
+    </Notes>
+    <CVE>CVE-2024-4030</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-4030.html</URL>
+        <Description>CVE-2024-4030</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1227152</URL>
+        <Description>SUSE Bug 1227152</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="29">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.
+
+CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.</Note>
+    </Notes>
+    <CVE>CVE-2024-4032</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-4032.html</URL>
+        <Description>CVE-2024-4032</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1226448</URL>
+        <Description>SUSE Bug 1226448</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="30">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a MEDIUM severity vulnerability affecting CPython.
+
+
+
+
+
+Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.</Note>
+    </Notes>
+    <CVE>CVE-2024-6232</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-6232.html</URL>
+        <Description>CVE-2024-6232</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1230227</URL>
+        <Description>SUSE Bug 1230227</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="31">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a MEDIUM severity vulnerability affecting CPython.
+
+The 
+email module didn't properly quote newlines for email headers when 
+serializing an email message allowing for header injection when an email
+ is serialized.</Note>
+    </Notes>
+    <CVE>CVE-2024-6923</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-6923.html</URL>
+        <Description>CVE-2024-6923</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1228780</URL>
+        <Description>SUSE Bug 1228780</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="32">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a LOW severity vulnerability affecting CPython, specifically the
+'http.cookies' standard library module.
+
+
+When parsing cookies that contained backslashes for quoted characters in
+the cookie value, the parser would use an algorithm with quadratic
+complexity, resulting in excess CPU resources being used while parsing the
+value.</Note>
+    </Notes>
+    <CVE>CVE-2024-7592</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-7592.html</URL>
+        <Description>CVE-2024-7592</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1229596</URL>
+        <Description>SUSE Bug 1229596</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="33">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a HIGH severity vulnerability affecting the CPython "zipfile"
+module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected.
+
+
+
+
+
+When iterating over names of entries in a zip archive (for example, methods
+of "zipfile.Path" like "namelist()", "iterdir()", etc)
+the process can be put into an infinite loop with a maliciously crafted
+zip archive. This defect applies when reading only metadata or extracting
+the contents of the zip archive. Programs that are not handling
+user-controlled zip archives are not affected.</Note>
+    </Notes>
+    <CVE>CVE-2024-8088</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-8088.html</URL>
+        <Description>CVE-2024-8088</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1229704</URL>
+        <Description>SUSE Bug 1229704</Description>
+      </Reference>
+    </References>
+  </Vulnerability>
+</cvrfdoc>
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
Use of uninitialized value $_[0] in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 819.
Use of uninitialized value $data in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.2/XML/Writer.pm line 352.
Use of uninitialized value $_[0] in print at /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/IO/Handle.pm line 420.
--- cvrf-opensuse-su-2024:14434-1.xml	1970-01-01 01:00:00.000000000 +0100
+++ cvrf-opensuse-su-2024:14434-1.xml.new.formatted	2024-10-29 08:22:56.452466000 +0100
@@ -0,0 +1,2087 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<cvrfdoc xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:cvrf="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf" xmlns:cvrf-common="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common" xmlns:cvssv2="http://scap.nist.gov/schema/cvss-v2/1.0" xmlns:cvssv3="https://www.first.org/cvss/cvss-v3.0.xsd" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ns0="http://purl.org/dc/elements/1.1/" xmlns:prod="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/1.0" xmlns:sch="http://purl.oclc.org/dsdl/schematron" xmlns:vuln="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf">
+  <DocumentTitle xml:lang="en">python314-3.14.0~a1-1.1 on GA media</DocumentTitle>
+  <DocumentType>SUSE Patch</DocumentType>
+  <DocumentPublisher Type="Vendor">
+    <ContactDetails>security@suse.de</ContactDetails>
+    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
+  </DocumentPublisher>
+  <DocumentTracking>
+    <Identification>
+      <ID>openSUSE-SU-2024:14434-1</ID>
+    </Identification>
+    <Status>Final</Status>
+    <Version>1</Version>
+    <RevisionHistory>
+      <Revision>
+        <Number>1</Number>
+        <Date>2024-10-28T00:00:00Z</Date>
+        <Description>current</Description>
+      </Revision>
+    </RevisionHistory>
+    <InitialReleaseDate>2024-10-28T00:00:00Z</InitialReleaseDate>
+    <CurrentReleaseDate>2024-10-28T00:00:00Z</CurrentReleaseDate>
+    <Generator>
+      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
+      <Date>2017-02-24T01:00:00Z</Date>
+    </Generator>
+  </DocumentTracking>
+  <DocumentNotes>
+    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">python314-3.14.0~a1-1.1 on GA media</Note>
+    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">These are all security issues fixed in the python314-3.14.0~a1-1.1 package on the GA media of openSUSE Tumbleweed.</Note>
+    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
+    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">openSUSE-Tumbleweed-2024-14434</Note>
+  </DocumentNotes>
+  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
+  <DocumentReferences>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/support/security/rating/</URL>
+      <Description>SUSE Security Ratings</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2011-3389/</URL>
+      <Description>SUSE CVE CVE-2011-3389 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2011-4944/</URL>
+      <Description>SUSE CVE CVE-2011-4944 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2012-0845/</URL>
+      <Description>SUSE CVE CVE-2012-0845 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2012-1150/</URL>
+      <Description>SUSE CVE CVE-2012-1150 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2013-1752/</URL>
+      <Description>SUSE CVE CVE-2013-1752 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2013-4238/</URL>
+      <Description>SUSE CVE CVE-2013-4238 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2014-2667/</URL>
+      <Description>SUSE CVE CVE-2014-2667 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2014-4650/</URL>
+      <Description>SUSE CVE CVE-2014-4650 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2019-20907/</URL>
+      <Description>SUSE CVE CVE-2019-20907 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2019-5010/</URL>
+      <Description>SUSE CVE CVE-2019-5010 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2019-9947/</URL>
+      <Description>SUSE CVE CVE-2019-9947 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2020-10735/</URL>
+      <Description>SUSE CVE CVE-2020-10735 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2020-15523/</URL>
+      <Description>SUSE CVE CVE-2020-15523 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2020-15801/</URL>
+      <Description>SUSE CVE CVE-2020-15801 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2020-8492/</URL>
+      <Description>SUSE CVE CVE-2020-8492 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2021-23336/</URL>
+      <Description>SUSE CVE CVE-2021-23336 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2021-3177/</URL>
+      <Description>SUSE CVE CVE-2021-3177 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2021-3426/</URL>
+      <Description>SUSE CVE CVE-2021-3426 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2022-25236/</URL>
+      <Description>SUSE CVE CVE-2022-25236 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2022-42919/</URL>
+      <Description>SUSE CVE CVE-2022-42919 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2022-45061/</URL>
+      <Description>SUSE CVE CVE-2022-45061 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-0286/</URL>
+      <Description>SUSE CVE CVE-2023-0286 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-24329/</URL>
+      <Description>SUSE CVE CVE-2023-24329 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-2650/</URL>
+      <Description>SUSE CVE CVE-2023-2650 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-27043/</URL>
+      <Description>SUSE CVE CVE-2023-27043 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-40217/</URL>
+      <Description>SUSE CVE CVE-2023-40217 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2023-52425/</URL>
+      <Description>SUSE CVE CVE-2023-52425 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-4030/</URL>
+      <Description>SUSE CVE CVE-2024-4030 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-4032/</URL>
+      <Description>SUSE CVE CVE-2024-4032 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-6232/</URL>
+      <Description>SUSE CVE CVE-2024-6232 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-6923/</URL>
+      <Description>SUSE CVE CVE-2024-6923 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-7592/</URL>
+      <Description>SUSE CVE CVE-2024-7592 page</Description>
+    </Reference>
+    <Reference Type="Self">
+      <URL>https://www.suse.com/security/cve/CVE-2024-8088/</URL>
+      <Description>SUSE CVE CVE-2024-8088 page</Description>
+    </Reference>
+  </DocumentReferences>
+  <ProductTree xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
+    <Branch Type="Product Family" Name="openSUSE Tumbleweed">
+      <Branch Type="Product Name" Name="openSUSE Tumbleweed">
+        <FullProductName ProductID="openSUSE Tumbleweed" CPE="cpe:/o:opensuse:tumbleweed">openSUSE Tumbleweed</FullProductName>
+      </Branch>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-3.14.0~a1-1.1">python314-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-curses-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-curses-3.14.0~a1-1.1">python314-curses-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-dbm-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-dbm-3.14.0~a1-1.1">python314-dbm-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-idle-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-idle-3.14.0~a1-1.1">python314-idle-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-tk-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-tk-3.14.0~a1-1.1">python314-tk-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Branch Type="Product Version" Name="python314-x86-64-v3-3.14.0~a1-1.1">
+      <FullProductName ProductID="python314-x86-64-v3-3.14.0~a1-1.1">python314-x86-64-v3-3.14.0~a1-1.1</FullProductName>
+    </Branch>
+    <Relationship ProductReference="python314-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-3.14.0~a1-1.1">python314-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python314-curses-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1">python314-curses-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python314-dbm-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1">python314-dbm-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python314-idle-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1">python314-idle-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python314-tk-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1">python314-tk-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+    <Relationship ProductReference="python314-x86-64-v3-3.14.0~a1-1.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Tumbleweed">
+      <FullProductName ProductID="openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1">python314-x86-64-v3-3.14.0~a1-1.1 as a component of openSUSE Tumbleweed</FullProductName>
+    </Relationship>
+  </ProductTree>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="1">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.</Note>
+    </Notes>
+    <CVE>CVE-2011-3389</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>4.3</BaseScoreV2>
+        <VectorV2>AV:N/AC:M/Au:N/C:P/I:N/A:N</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>3.7</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2011-3389.html</URL>
+        <Description>CVE-2011-3389</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/716002</URL>
+        <Description>SUSE Bug 716002</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/719047</URL>
+        <Description>SUSE Bug 719047</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/725167</URL>
+        <Description>SUSE Bug 725167</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/726096</URL>
+        <Description>SUSE Bug 726096</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/739248</URL>
+        <Description>SUSE Bug 739248</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/739256</URL>
+        <Description>SUSE Bug 739256</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/742306</URL>
+        <Description>SUSE Bug 742306</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/751718</URL>
+        <Description>SUSE Bug 751718</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/759666</URL>
+        <Description>SUSE Bug 759666</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/763598</URL>
+        <Description>SUSE Bug 763598</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/814655</URL>
+        <Description>SUSE Bug 814655</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="2">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.</Note>
+    </Notes>
+    <CVE>CVE-2011-4944</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>low</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>1.9</BaseScoreV2>
+        <VectorV2>AV:L/AC:M/Au:N/C:P/I:N/A:N</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>3.3</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2011-4944.html</URL>
+        <Description>CVE-2011-4944</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/754447</URL>
+        <Description>SUSE Bug 754447</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="3">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.</Note>
+    </Notes>
+    <CVE>CVE-2012-0845</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>5</BaseScoreV2>
+        <VectorV2>AV:N/AC:L/Au:N/C:N/I:N/A:P</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>5.3</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2012-0845.html</URL>
+        <Description>CVE-2012-0845</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/747125</URL>
+        <Description>SUSE Bug 747125</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="4">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.</Note>
+    </Notes>
+    <CVE>CVE-2012-1150</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>5</BaseScoreV2>
+        <VectorV2>AV:N/AC:L/Au:N/C:N/I:N/A:P</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>5.3</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2012-1150.html</URL>
+        <Description>CVE-2012-1150</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/751718</URL>
+        <Description>SUSE Bug 751718</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/755383</URL>
+        <Description>SUSE Bug 755383</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/826682</URL>
+        <Description>SUSE Bug 826682</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="5">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions.</Note>
+    </Notes>
+    <CVE>CVE-2013-1752</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>5.3</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2013-1752.html</URL>
+        <Description>CVE-2013-1752</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/856835</URL>
+        <Description>SUSE Bug 856835</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/856836</URL>
+        <Description>SUSE Bug 856836</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/863741</URL>
+        <Description>SUSE Bug 863741</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/885882</URL>
+        <Description>SUSE Bug 885882</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/898572</URL>
+        <Description>SUSE Bug 898572</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/912739</URL>
+        <Description>SUSE Bug 912739</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="6">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.</Note>
+    </Notes>
+    <CVE>CVE-2013-4238</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>4.3</BaseScoreV2>
+        <VectorV2>AV:N/AC:M/Au:N/C:N/I:P/A:N</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>5.3</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2013-4238.html</URL>
+        <Description>CVE-2013-4238</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/834601</URL>
+        <Description>SUSE Bug 834601</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/839107</URL>
+        <Description>SUSE Bug 839107</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/882915</URL>
+        <Description>SUSE Bug 882915</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/912739</URL>
+        <Description>SUSE Bug 912739</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="7">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.</Note>
+    </Notes>
+    <CVE>CVE-2014-2667</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>3.3</BaseScoreV2>
+        <VectorV2>AV:L/AC:M/Au:N/C:P/I:P/A:N</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>5.3</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2014-2667.html</URL>
+        <Description>CVE-2014-2667</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/871152</URL>
+        <Description>SUSE Bug 871152</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="8">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.</Note>
+    </Notes>
+    <CVE>CVE-2014-4650</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>7.5</BaseScoreV2>
+        <VectorV2>AV:N/AC:L/Au:N/C:P/I:P/A:P</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>5.3</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2014-4650.html</URL>
+        <Description>CVE-2014-4650</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/856835</URL>
+        <Description>SUSE Bug 856835</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/856836</URL>
+        <Description>SUSE Bug 856836</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/863741</URL>
+        <Description>SUSE Bug 863741</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/885882</URL>
+        <Description>SUSE Bug 885882</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/898572</URL>
+        <Description>SUSE Bug 898572</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/912739</URL>
+        <Description>SUSE Bug 912739</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="9">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.</Note>
+    </Notes>
+    <CVE>CVE-2019-20907</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>5</BaseScoreV2>
+        <VectorV2>AV:N/AC:L/Au:N/C:N/I:N/A:P</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>5.3</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2019-20907.html</URL>
+        <Description>CVE-2019-20907</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1174091</URL>
+        <Description>SUSE Bug 1174091</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="10">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.</Note>
+    </Notes>
+    <CVE>CVE-2019-5010</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>5</BaseScoreV2>
+        <VectorV2>AV:N/AC:L/Au:N/C:N/I:N/A:P</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>7.5</BaseScoreV3>
+        <VectorV3>CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2019-5010.html</URL>
+        <Description>CVE-2019-5010</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1122191</URL>
+        <Description>SUSE Bug 1122191</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1126909</URL>
+        <Description>SUSE Bug 1126909</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="11">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.</Note>
+    </Notes>
+    <CVE>CVE-2019-9947</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>4.3</BaseScoreV2>
+        <VectorV2>AV:N/AC:M/Au:N/C:N/I:P/A:N</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>5.4</BaseScoreV3>
+        <VectorV3>CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2019-9947.html</URL>
+        <Description>CVE-2019-9947</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1130840</URL>
+        <Description>SUSE Bug 1130840</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1136184</URL>
+        <Description>SUSE Bug 1136184</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1155094</URL>
+        <Description>SUSE Bug 1155094</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1201559</URL>
+        <Description>SUSE Bug 1201559</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="12">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.</Note>
+    </Notes>
+    <CVE>CVE-2020-10735</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>7.5</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2020-10735.html</URL>
+        <Description>CVE-2020-10735</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1203125</URL>
+        <Description>SUSE Bug 1203125</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1204077</URL>
+        <Description>SUSE Bug 1204077</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1204096</URL>
+        <Description>SUSE Bug 1204096</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1204097</URL>
+        <Description>SUSE Bug 1204097</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1205075</URL>
+        <Description>SUSE Bug 1205075</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1208131</URL>
+        <Description>SUSE Bug 1208131</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="13">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.</Note>
+    </Notes>
+    <CVE>CVE-2020-15523</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>6.9</BaseScoreV2>
+        <VectorV2>AV:L/AC:M/Au:N/C:C/I:C/A:C</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>7.8</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2020-15523.html</URL>
+        <Description>CVE-2020-15523</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1173745</URL>
+        <Description>SUSE Bug 1173745</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="14">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The &lt;executable-name&gt;._pth file (e.g., the python._pth file) is not affected.</Note>
+    </Notes>
+    <CVE>CVE-2020-15801</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>critical</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>7.5</BaseScoreV2>
+        <VectorV2>AV:N/AC:L/Au:N/C:P/I:P/A:P</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>9.8</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2020-15801.html</URL>
+        <Description>CVE-2020-15801</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1174241</URL>
+        <Description>SUSE Bug 1174241</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="15">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.</Note>
+    </Notes>
+    <CVE>CVE-2020-8492</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>7.1</BaseScoreV2>
+        <VectorV2>AV:N/AC:M/Au:N/C:N/I:N/A:C</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>6.5</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2020-8492.html</URL>
+        <Description>CVE-2020-8492</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1162367</URL>
+        <Description>SUSE Bug 1162367</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="16">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.</Note>
+    </Notes>
+    <CVE>CVE-2021-23336</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>4</BaseScoreV2>
+        <VectorV2>AV:N/AC:H/Au:N/C:N/I:P/A:P</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>5.9</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2021-23336.html</URL>
+        <Description>CVE-2021-23336</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1182179</URL>
+        <Description>SUSE Bug 1182179</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1182379</URL>
+        <Description>SUSE Bug 1182379</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1182433</URL>
+        <Description>SUSE Bug 1182433</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="17">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.</Note>
+    </Notes>
+    <CVE>CVE-2021-3177</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>7.5</BaseScoreV2>
+        <VectorV2>AV:N/AC:L/Au:N/C:P/I:P/A:P</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>5.9</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2021-3177.html</URL>
+        <Description>CVE-2021-3177</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1181126</URL>
+        <Description>SUSE Bug 1181126</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="18">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.</Note>
+    </Notes>
+    <CVE>CVE-2021-3426</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>2.7</BaseScoreV2>
+        <VectorV2>AV:A/AC:L/Au:S/C:P/I:N/A:N</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>5.5</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2021-3426.html</URL>
+        <Description>CVE-2021-3426</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1183374</URL>
+        <Description>SUSE Bug 1183374</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="19">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.</Note>
+    </Notes>
+    <CVE>CVE-2022-25236</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV2>
+        <BaseScoreV2>7.5</BaseScoreV2>
+        <VectorV2>AV:N/AC:L/Au:N/C:P/I:P/A:P</VectorV2>
+      </ScoreSetV2>
+      <ScoreSetV3>
+        <BaseScoreV3>7.5</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2022-25236.html</URL>
+        <Description>CVE-2022-25236</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1196025</URL>
+        <Description>SUSE Bug 1196025</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1196784</URL>
+        <Description>SUSE Bug 1196784</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1197217</URL>
+        <Description>SUSE Bug 1197217</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1200038</URL>
+        <Description>SUSE Bug 1200038</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1201735</URL>
+        <Description>SUSE Bug 1201735</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="20">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.</Note>
+    </Notes>
+    <CVE>CVE-2022-42919</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>7.8</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2022-42919.html</URL>
+        <Description>CVE-2022-42919</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1204886</URL>
+        <Description>SUSE Bug 1204886</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="21">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.</Note>
+    </Notes>
+    <CVE>CVE-2022-45061</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>6.5</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2022-45061.html</URL>
+        <Description>CVE-2022-45061</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1205244</URL>
+        <Description>SUSE Bug 1205244</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1211488</URL>
+        <Description>SUSE Bug 1211488</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="22">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a type confusion vulnerability relating to X.400 address processing
+inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
+the public structure definition for GENERAL_NAME incorrectly specified the type
+of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
+the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
+ASN1_STRING.
+
+When CRL checking is enabled (i.e. the application sets the
+X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
+arbitrary pointers to a memcmp call, enabling them to read memory contents or
+enact a denial of service. In most cases, the attack requires the attacker to
+provide both the certificate chain and CRL, neither of which need to have a
+valid signature. If the attacker only controls one of these inputs, the other
+input must already contain an X.400 address as a CRL distribution point, which
+is uncommon. As such, this vulnerability is most likely to only affect
+applications which have implemented their own functionality for retrieving CRLs
+over a network.
+
+</Note>
+    </Notes>
+    <CVE>CVE-2023-0286</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>7.4</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-0286.html</URL>
+        <Description>CVE-2023-0286</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1207533</URL>
+        <Description>SUSE Bug 1207533</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1207569</URL>
+        <Description>SUSE Bug 1207569</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1211136</URL>
+        <Description>SUSE Bug 1211136</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1211503</URL>
+        <Description>SUSE Bug 1211503</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1213146</URL>
+        <Description>SUSE Bug 1213146</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1214269</URL>
+        <Description>SUSE Bug 1214269</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1218477</URL>
+        <Description>SUSE Bug 1218477</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1218967</URL>
+        <Description>SUSE Bug 1218967</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1225677</URL>
+        <Description>SUSE Bug 1225677</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="23">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.</Note>
+    </Notes>
+    <CVE>CVE-2023-24329</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>7.3</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-24329.html</URL>
+        <Description>CVE-2023-24329</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1208471</URL>
+        <Description>SUSE Bug 1208471</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1213553</URL>
+        <Description>SUSE Bug 1213553</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1213554</URL>
+        <Description>SUSE Bug 1213554</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1213839</URL>
+        <Description>SUSE Bug 1213839</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1225672</URL>
+        <Description>SUSE Bug 1225672</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="24">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Issue summary: Processing some specially crafted ASN.1 object identifiers or
+data containing them may be very slow.
+
+Impact summary: Applications that use OBJ_obj2txt() directly, or use any of
+the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message
+size limit may experience notable to very long delays when processing those
+messages, which may lead to a Denial of Service.
+
+An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -
+most of which have no size limit.  OBJ_obj2txt() may be used to translate
+an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL
+type ASN1_OBJECT) to its canonical numeric text form, which are the
+sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by
+periods.
+
+When one of the sub-identifiers in the OBJECT IDENTIFIER is very large
+(these are sizes that are seen as absurdly large, taking up tens or hundreds
+of KiBs), the translation to a decimal number in text may take a very long
+time.  The time complexity is O(n^2) with 'n' being the size of the
+sub-identifiers in bytes (*).
+
+With OpenSSL 3.0, support to fetch cryptographic algorithms using names /
+identifiers in string form was introduced.  This includes using OBJECT
+IDENTIFIERs in canonical numeric text form as identifiers for fetching
+algorithms.
+
+Such OBJECT IDENTIFIERs may be received through the ASN.1 structure
+AlgorithmIdentifier, which is commonly used in multiple protocols to specify
+what cryptographic algorithm should be used to sign or verify, encrypt or
+decrypt, or digest passed data.
+
+Applications that call OBJ_obj2txt() directly with untrusted data are
+affected, with any version of OpenSSL.  If the use is for the mere purpose
+of display, the severity is considered low.
+
+In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,
+CMS, CMP/CRMF or TS.  It also impacts anything that processes X.509
+certificates, including simple things like verifying its signature.
+
+The impact on TLS is relatively low, because all versions of OpenSSL have a
+100KiB limit on the peer's certificate chain.  Additionally, this only
+impacts clients, or servers that have explicitly enabled client
+authentication.
+
+In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,
+such as X.509 certificates.  This is assumed to not happen in such a way
+that it would cause a Denial of Service, so these versions are considered
+not affected by this issue in such a way that it would be cause for concern,
+and the severity is therefore considered low.</Note>
+    </Notes>
+    <CVE>CVE-2023-2650</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>6.5</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-2650.html</URL>
+        <Description>CVE-2023-2650</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1211430</URL>
+        <Description>SUSE Bug 1211430</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="25">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.</Note>
+    </Notes>
+    <CVE>CVE-2023-27043</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>5.3</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-27043.html</URL>
+        <Description>CVE-2023-27043</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1210638</URL>
+        <Description>SUSE Bug 1210638</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1222537</URL>
+        <Description>SUSE Bug 1222537</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="26">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)</Note>
+    </Notes>
+    <CVE>CVE-2023-40217</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>7.4</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-40217.html</URL>
+        <Description>CVE-2023-40217</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1214692</URL>
+        <Description>SUSE Bug 1214692</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1217524</URL>
+        <Description>SUSE Bug 1217524</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1218319</URL>
+        <Description>SUSE Bug 1218319</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1218476</URL>
+        <Description>SUSE Bug 1218476</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1218965</URL>
+        <Description>SUSE Bug 1218965</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1219472</URL>
+        <Description>SUSE Bug 1219472</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1219713</URL>
+        <Description>SUSE Bug 1219713</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1221582</URL>
+        <Description>SUSE Bug 1221582</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1224883</URL>
+        <Description>SUSE Bug 1224883</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="27">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.</Note>
+    </Notes>
+    <CVE>CVE-2023-52425</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>5.5</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2023-52425.html</URL>
+        <Description>CVE-2023-52425</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1219559</URL>
+        <Description>SUSE Bug 1219559</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="28">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.
+
+If you're not using Windows or haven't changed the temporary directory location then you aren't affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.
+
+This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix "700" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.</Note>
+    </Notes>
+    <CVE>CVE-2024-4030</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>4.4</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-4030.html</URL>
+        <Description>CVE-2024-4030</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1227152</URL>
+        <Description>SUSE Bug 1227152</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="29">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.
+
+CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.</Note>
+    </Notes>
+    <CVE>CVE-2024-4032</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>low</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>3.7</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-4032.html</URL>
+        <Description>CVE-2024-4032</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1226448</URL>
+        <Description>SUSE Bug 1226448</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="30">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a MEDIUM severity vulnerability affecting CPython.
+
+
+
+
+
+Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.</Note>
+    </Notes>
+    <CVE>CVE-2024-6232</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>7.5</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-6232.html</URL>
+        <Description>CVE-2024-6232</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1230227</URL>
+        <Description>SUSE Bug 1230227</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="31">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a MEDIUM severity vulnerability affecting CPython.
+
+The 
+email module didn't properly quote newlines for email headers when 
+serializing an email message allowing for header injection when an email
+ is serialized.</Note>
+    </Notes>
+    <CVE>CVE-2024-6923</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>important</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>7.5</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-6923.html</URL>
+        <Description>CVE-2024-6923</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1228780</URL>
+        <Description>SUSE Bug 1228780</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="32">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a LOW severity vulnerability affecting CPython, specifically the
+'http.cookies' standard library module.
+
+
+When parsing cookies that contained backslashes for quoted characters in
+the cookie value, the parser would use an algorithm with quadratic
+complexity, resulting in excess CPU resources being used while parsing the
+value.</Note>
+    </Notes>
+    <CVE>CVE-2024-7592</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>2.6</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-7592.html</URL>
+        <Description>CVE-2024-7592</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1229596</URL>
+        <Description>SUSE Bug 1229596</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+  <vuln:Vulnerability xmlns="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/vuln" Ordinal="33">
+    <Notes>
+      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">There is a HIGH severity vulnerability affecting the CPython "zipfile"
+module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected.
+
+
+
+
+
+When iterating over names of entries in a zip archive (for example, methods
+of "zipfile.Path" like "namelist()", "iterdir()", etc)
+the process can be put into an infinite loop with a maliciously crafted
+zip archive. This defect applies when reading only metadata or extracting
+the contents of the zip archive. Programs that are not handling
+user-controlled zip archives are not affected.</Note>
+    </Notes>
+    <CVE>CVE-2024-8088</CVE>
+    <ProductStatuses>
+      <Status Type="Fixed">
+        <ProductID>openSUSE Tumbleweed:python314-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1</ProductID>
+        <ProductID>openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1</ProductID>
+      </Status>
+    </ProductStatuses>
+    <Threats>
+      <Threat Type="Impact">
+        <Description>moderate</Description>
+      </Threat>
+    </Threats>
+    <CVSSScoreSets>
+      <ScoreSetV3>
+        <BaseScoreV3>5.3</BaseScoreV3>
+        <VectorV3>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H</VectorV3>
+      </ScoreSetV3>
+    </CVSSScoreSets>
+    <Remediations>
+      <Remediation Type="Vendor Fix">
+        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
+</Description>
+        <URL/>
+      </Remediation>
+    </Remediations>
+    <References>
+      <Reference>
+        <URL>https://www.suse.com/security/cve/CVE-2024-8088.html</URL>
+        <Description>CVE-2024-8088</Description>
+      </Reference>
+      <Reference>
+        <URL>https://bugzilla.suse.com/1229704</URL>
+        <Description>SUSE Bug 1229704</Description>
+      </Reference>
+    </References>
+  </vuln:Vulnerability>
+</cvrfdoc>
SUCCESS