pool/python39
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix *.changes

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=177
This commit is contained in:
Matej Cepl 2024-03-22 09:05:09 +00:00 committed by Git OBS Bridge
parent e6aa51477e
commit 731de38310
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
python39.changes
View File

@ -4,7 +4,7 @@ Thu Mar 21 20:24:05 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Update to 3.9.19: - Update to 3.9.19:
- Security - Security
- gh-115398: Allow controlling Expat >=2.6.0 reparse deferral - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
(CVE-2023-52425) by adding five new methods: (CVE-2023-52425, bsc#1219559) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush() xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush() xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
@ -25,8 +25,9 @@ Thu Mar 21 20:24:05 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
specific value (UINT_MAX). Fix an integer overflow in specific value (UINT_MAX). Fix an integer overflow in
socket.if_indextoname() on 64-bit non-Windows platforms. socket.if_indextoname() on 64-bit non-Windows platforms.
- gh-109858: Protect zipfile from “quoted-overlap” - gh-109858: Protect zipfile from “quoted-overlap”
zipbomb. It now raises BadZipFile when try to read an entry zipbomb. It now raises BadZipFile when try to read an
that overlaps with other entry or central directory. entry that overlaps with other entry or central directory
(CVE-2024-0450, bsc#1221854).
- gh-107077: Seems that in some conditions, OpenSSL will - gh-107077: Seems that in some conditions, OpenSSL will
return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL
when a certification verification has failed, but when a certification verification has failed, but
@ -36,7 +37,8 @@ Thu Mar 21 20:24:05 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
ssl.SSLCertVerificationError. Patch by Pablo Galindo ssl.SSLCertVerificationError. Patch by Pablo Galindo
- gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
which now no longer dereferences symlinks when working which now no longer dereferences symlinks when working
around file system permission errors. around file system permission errors (CVE-2023-6597,
bsc#1219666).
- Documentation - Documentation
- gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under
“XML vulnerabilities”. “XML vulnerabilities”.