python38/Python-3.8.16.tar.xz.asc
Matej Cepl c462da06b7 - Update to 3.8.16:
- python -m http.server no longer allows terminal
    control characters sent within a garbage request to be
    printed to the stderr server log.
    This is done by changing the http.server
    BaseHTTPRequestHandler .log_message method to replace control
    characters with a \xHH hex escape before printing.
  - Avoid publishing list of active per-interpreter
    audit hooks via the gc module
  - The IDNA codec decoder used on DNS hostnames by
    socket or asyncio related name resolution functions no
    longer involves a quadratic algorithm. This prevents a
    potential CPU denial of service if an out-of-spec excessive
    length hostname involving bidirectional characters were
    decoded. Some protocols such as urllib http 3xx redirects
    potentially allow for an attacker to supply such a
    name (CVE-2022-45061).
  - Update bundled libexpat to 2.5.0
  - Port XKCP’s fix for the buffer overflows in SHA-3
    (CVE-2022-37454).
  - The deprecated mailcap module now refuses to inject
    unsafe text (filenames, MIME types, parameters) into shell
    commands. Instead of using such text, it will warn and act
    as if a match was not found (or for test commands, as if the
    test failed).
- Removed upstream patches:
  - CVE-2022-37454-sha3-buffer-overflow.patch
  - CVE-2022-45061-DoS-by-IDNA-decode.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=115
2022-12-08 10:36:29 +00:00

17 lines
833 B
Plaintext

-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmOPlyYACgkQsmmV4xAl
BWhZ3RAAhtzObFVyAJIjaNHSnYClAq39NFOvAA2oFmTbNorF/sHAbV///9Zmm2we
prT8gWUJJtPeX1+J3lj0GokthB/YggLIF6MjTL9klamXUWZrdsv8jM00T+nXMHU3
Y4pgi0zXX4fhb5iOWeLli99T40+a/8AgbqVC0cv5d6Yk+CncYY2XsNoBuNC4dOoL
FaSQMZUsTYf4CoZyHbAN3hs5kshaZRufAJ/LGDlZU3+luuy1PU4uNzqSSY6XMw4L
Ar+tukCXwqIOu4baq2BYUF5VjfZrgviC7NxHZBeKuGQ3v7X0HmOWOxG59s1cmJkA
CbyK3z/LRVmA33YyhU60QaqfUYHXhNZaMgEku2m3XTRaRkjF+Wg/LAtu01usOrYG
BYivpD7yhVqXXvwWV3Y+lpcu8DhZTtXM3hTrN6XErLiYnN1G7sduSNabnOke6Td/
p0Ki1UE4Ts+P8yN85/uHiGbjDejU2SRlAuWeSmeIKIyTUNPJoM5OSK9K6FgqxZef
OYFDWVZg0Dll5bLU+f/Lw8mXVwF7dX2OUPeXauPm3LhKRHIYpfeuQ+PkP9KeIJn5
DwfdvcKw3jVttopWgTS/pT6vu8zgOAZ6kuzhf/s+q8mB3cQRjfn7BMq/PFcNNZJG
iLzJ2C5Q7tNn/5elUaV8TOPa2JwmiPViitE4OHqB+sH591JIh+g=
=DwHA
-----END PGP SIGNATURE-----