[Buildroot] [PATCH 1/1] package/python3: security bump version to 3.11.4
Peter Korsgaard
peter at korsgaard.com
Thu Jul 6 09:24:59 UTC 2023
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:
>> Rebased two patches.
>> Changelog:
>> https://docs.python.org/release/3.11.4/whatsnew/changelog.html#python-3-11-4
>> Fixes the following security problems:
>> - gh-99889: Fixed a security in flaw in uu.decode() that could allow for
>> directory traversal based on the input if no out_file was specified.
>> - gh-104049: Do not expose the local on-disk location in directory
>> indexes produced by http.client.SimpleHTTPRequestHandler.
>> - gh-102153: urllib.parse.urlsplit() now strips leading C0 control and
>> space characters following the specification for URLs defined by WHATWG
>> in response to CVE-2023-24329. Patch by Illia Volochii.
>> Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
> Committed, thanks.
Committed to 2023.02.x and 2023.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list