[Buildroot] [git commit branch/2022.02.x] package/python3: security bump to version 3.10.8

Peter Korsgaard peter at korsgaard.com
Wed Nov 2 23:01:27 UTC 2022 

commit: https://git.buildroot.net/buildroot/commit/?id=2320526f94f2ce7ad39611a16fc3ce53d0cbd0cc
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2022.02.x

Fixes the following security issues:

- CVE-2022-40674: bundled libexpat was upgraded from 2.4.7 to 2.4.9 which
  fixes a heap use-after-free vulnerability in function doContent

- gh-97616: a fix for a possible buffer overflow in list *= int

- gh-97612: a fix for possible shell injection in the example script
  get-remote-certificate.py(this issue originally had a CVE assigned to it,
  which its author withdrew)

- gh-96577: a fix for a potential buffer overrun in msilib

License hash changed due to links in license text being changed from
http to https:
https://github.com/python/cpython/commit/96f8d3619d839266491b722b943de65892bb0e81

Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit 72e8471b5cf4a011cd87692719bd4f69d9cc526c)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/python3/python3.hash | 4 ++--
 package/python3/python3.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/python3/python3.hash b/package/python3/python3.hash
index c625e7a8ea..f9b8e2ec8d 100644
--- a/package/python3/python3.hash
+++ b/package/python3/python3.hash
@@ -1,3 +1,3 @@
 # Locally computed
-sha256  6eed8415b7516fb2f260906db5d48dd4c06acc0cb24a7d6cc15296a604dcdc48  Python-3.10.7.tar.xz
-sha256  f03e17cd594c2085f66a454e695c7ebe5b4d3c0eff534f4f194abc2fd164621b  LICENSE
+sha256  6a30ecde59c47048013eb5a658c9b5dec277203d2793667f578df7671f7f03f3  Python-3.10.8.tar.xz
+sha256  d4a223f033419313218c9b8444167e91e87a5bebdb43fb8490df441df5220a8b  LICENSE
diff --git a/package/python3/python3.mk b/package/python3/python3.mk
index 9fd0777be6..7cea4329e7 100644
--- a/package/python3/python3.mk
+++ b/package/python3/python3.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 PYTHON3_VERSION_MAJOR = 3.10
-PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).7
+PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).8
 PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz
 PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION)
 PYTHON3_LICENSE = Python-2.0, others

More information about the buildroot mailing list