An update for python-sqlalchemy is now available for openEuler-20.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1039
Final
1.0
1.0
2021-02-10
Initial
2021-02-10
2021-02-10
openEuler SA Tool V1.0
2021-02-10
python-sqlalchemy security update
An update for python-sqlalchemy is now available for openEuler-20.03-LTS.
SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. It contains a powerful mapping layer that can work as automatically or as manually as you choose, determining relationships based on foreign keys or letting you bridge the gap between database and domain by defining the join conditions explicitly.
Security Fix(es):
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. (CVE-2019-7164)
An update for python-sqlalchemy is now available for openEuler-20.03-LTS.
openEuler Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Critical
python-sqlalchemy
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1039
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-7164
https://nvd.nist.gov/vuln/detail/CVE-2019-7164
openEuler-20.03-LTS
python3-sqlalchemy-1.2.19-3.oe1.aarch64.rpm
python-sqlalchemy-debugsource-1.2.19-3.oe1.aarch64.rpm
python-sqlalchemy-debuginfo-1.2.19-3.oe1.aarch64.rpm
python2-sqlalchemy-1.2.19-3.oe1.aarch64.rpm
python-sqlalchemy-help-1.2.19-3.oe1.noarch.rpm
python-sqlalchemy-1.2.19-3.oe1.src.rpm
python3-sqlalchemy-1.2.19-3.oe1.x86_64.rpm
python-sqlalchemy-debuginfo-1.2.19-3.oe1.x86_64.rpm
python2-sqlalchemy-1.2.19-3.oe1.x86_64.rpm
python-sqlalchemy-debugsource-1.2.19-3.oe1.x86_64.rpm
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
2021-02-10
CVE-2019-7164
openEuler-20.03-LTS
Critical
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
python-sqlalchemy security update
2021-02-10
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1039