SHA256
1
0
python311/Python-3.11.1.tar.xz.asc

17 lines
833 B
Plaintext
Raw Normal View History

- Update to 3.11.1: - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server lo This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printin - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name (CVE-2022-45061). - Update bundled libexpat to 2.5.0 - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner. - Fix a crash when an object which does not have a dictionary frees its instance values. - Fix a bug in the tokenizer that could cause infinite recursion when showing syntax warnings that happen in the first line of the source. Patch by Pablo Galindo - Fix an issue that could cause frames to be visible to Python code as they are being torn down, possibly leading to memory corruption or hard crashes of the interpreter. - Fix a reference bug in _imp.create_builtin() after the OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=40
2022-12-08 16:05:06 +01:00
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmOPlhsACgkQ/+h0BBaL
2EdY5w/+KKZY3ghMcjuxxF4o9CylFvhHGI7LP6FKZE5xnGtSZ2cXjcad+FwFMnFS
JE5fLpPD3xmkRoCIOwVKIos4l/chfAIE8gNlTBFOAwUYP0uVpA+SYNDOciT64Apj
32jELwHJJVgjG21Lubx35kOtmQa884hBB9T8RsovL35PhFvspSvTx8U+YfGKIZzG
liWwj/gBMMGd3p6pvz9UQsnqBLAfw50M6BDDQrQtoIDnw2R5s8oBqYa7uiRBzQch
dUGUm/gt9lBTI0fT3ZgCMD3Zu2et252nsbzMYgBuPSg6SlT63wHktzq1aewQ2lL2
VcBBbIf4hpkL5QnPgzKuiHcU7tBeRngTaWhw0Nc8kfGuz56HsEJJyhaHtD5mlCx9
0treI/NPAeA8KcrpnkufTpMCee7/R7CfH/dNp29yJlhbC+WYMbr6s600jJISf6zn
s0C40/MGLvVwIgT6HBkXkDL0Lii8vxc3w5smLiQ4xvQSHSS/fkP2qIDUhrX0eUlq
atacso0j7XAKYWBRHT70ZeXIN4UJuQ+dfK7xAC+bmyo9X9jcpUeozws8OvczYBRq
2qk4hCFFP/WgZ/MBiVoe2xmC6+ak2gH6xX6w2bB0/4Dc6KBMxWyUmRPuBVvx/cCp
AwXvH94gZl9wj/tmvOoZNqaMFG3tWuWo7+YzosWOBHAoUk8ILNM=
=ZuYB
-----END PGP SIGNATURE-----