python-interpreters/python310
SHA256
6
0
Fork 0
forked from pool/python310
Code Pull Requests Activity

Fix CVE-2025-13836, CVE-2025-12084, and CVE-2025-13837.

Browse Source 
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
  CVE-2025-13836) to prevent reading an HTTP response from
  a server, if no read amount is specified, with using
  Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
  behavior in node ID cache clearing (CVE-2025-12084,
  bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
  against OOM when loading malicious content (CVE-2025-13837,
  bsc#1254401).
This commit is contained in:
Matej Cepl
2025-12-18 16:07:31 +01:00
parent d6395a2d78
commit 022658b5d0
9 changed files with 935 additions and 505 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
python310.changes
View File

@@ -1,3 +1,17 @@
-------------------------------------------------------------------
Thu Dec 18 10:33:44 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
against OOM when loading malicious content (CVE-2025-13837,
bsc#1254401).
-------------------------------------------------------------------
Thu Dec 18 15:53:59 CET 2025 - Matej Cepl <mcepl@suse.com>
-