Sync from SUSE:ALP:Source:Standard:1.0 python311 revision fb279fc3a9d2478dfa4d8ba995c1fba4

2026-01-08 16:22:10 +01:00
parent a306375b7d
commit e365ee5585
5 changed files with 431 additions and 0 deletions
--- a/python311.changes
+++ b/python311.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu Dec 18 10:33:44 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
+  CVE-2025-13836) to prevent reading an HTTP response from
+  a server, if no read amount is specified, with using
+  Content-Length per default as the length.
+- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
+  behavior in node ID cache clearing (CVE-2025-12084,
+  bsc#1254997).
+- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
+  against OOM when loading malicious content (CVE-2025-13837,
+  bsc#1254401).
+
 -------------------------------------------------------------------
 Thu Nov 13 17:13:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>