python-interpreters/python310
SHA256
7
0
Fork 0
forked from pool/python310
Code Pull Requests Activity

Set link to python310.30576 via maintenance_release request

Browse Source
This commit is contained in:
Ruediger Oertel
2023-09-27 16:43:48 +00:00
committed by Matěj Cepl
parent 8bdb667986
commit aa5d3ba9db
10 changed files with 650 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
python310.changes
View File

@@ -1,3 +1,44 @@
-------------------------------------------------------------------
Mon Sep 4 13:18:29 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
- Update to 3.10.13 (bsc#1214692):
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included
protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
Gregory P. Smith.
- gh-107845: tarfile.data_filter() now takes the location of
symlinks into account when determining their target, so it will no
longer reject some valid tarballs with
LinkOutsideDestinationError.
- gh-107565: Update multissltests and GitHub CI workflows to use
OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
- gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
*consumed was not set.
-------------------------------------------------------------------
Thu Aug 3 14:13:30 UTC 2023 - Matej Cepl <mcepl@suse.com>
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
partially reverting CVE-2023-27043-email-parsing-errors.patch,
because of the regression in gh#python/cpython#106669.
-------------------------------------------------------------------
Wed Jul 19 11:15:39 UTC 2023 - Matej Cepl <mcepl@suse.com>
- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
stabilizing FLAG_REF usage (required for reproduceability;
bsc#1213463).
-------------------------------------------------------------------
Tue Jul 11 07:35:18 UTC 2023 - Matej Cepl <mcepl@suse.com>
- (bsc#1210638, CVE-2023-27043) Add
CVE-2023-27043-email-parsing-errors.patch, which detects email
address parsing errors and returns empty tuple to indicate the
parsing error (old API).
-------------------------------------------------------------------
Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl <mcepl@suse.com>