An update for python-pip is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2

Security Advisory
Contact: openeuler-security@openeuler.org
Issued by: openEuler security committee
Advisory ID: openEuler-SA-2021-1284
Status: Final
Version: 1.0
Revision history: 1.0, 2021-07-31, Initial
Release date: 2021-07-31
Generator: openEuler SA Tool V1.0

Synopsis: python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes.

Security Fix(es):

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. (CVE-2021-3572)

openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: Medium
Affected component: python-pip

References:
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1284
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-3572
https://nvd.nist.gov/vuln/detail/CVE-2021-3572

Affected products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2

Updated packages (listed for both products):
noarch:
python-pip-wheel-20.2.2-2.oe1.noarch.rpm
python-pip-help-20.2.2-2.oe1.noarch.rpm
python3-pip-20.2.2-2.oe1.noarch.rpm
python2-pip-20.2.2-2.oe1.noarch.rpm
src:
python-pip-20.2.2-2.oe1.src.rpm

CVE-2021-3572
Release date: 2021-07-31
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2
Severity: Medium
CVSS base score: 4.5
CVSS vector: AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Remediation: python-pip security update, 2021-07-31
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1284