declarations are automatically closed, tags are ignored

(CVE-2025-6069, bsc#1244705). - Remove upstreamed patches: - CVE-2025-8194-tarfile-no-neg-offsets.patch - CVE-2025-6069-quad-complex-HTMLParser.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python313?expand=0&rev=116
2025-08-07 10:56:04 +00:00
parent 4a974dadae
commit 588cd5ec7f
5 changed files with 71 additions and 318 deletions
--- a/python313.changes
+++ b/python313.changes
@@ -27,7 +27,8 @@ Thu Aug  7 10:08:11 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
    - gh-135462: Fix quadratic complexity in processing specially
      crafted input in html.parser.HTMLParser. End-of-file errors
      are now handled according to the HTML5 specs – comments and
-      declarations are automatically closed, tags are ignored.
+      declarations are automatically closed, tags are ignored
+      (CVE-2025-6069, bsc#1244705).
    - gh-118350: Fix support of escapable raw text mode (elements
      “textarea” and “title”) in html.parser.HTMLParser.
  - Core and Builtins
@@ -202,7 +203,9 @@ Thu Aug  7 10:08:11 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
  - Build
    - gh-135497: Fix the detection of MAXLOGNAME in the
      configure.ac script.
- Remove CVE-2025-8194-tarfile-no-neg-offsets.patch
+- Remove upstreamed patches:
+  - CVE-2025-8194-tarfile-no-neg-offsets.patch
+  - CVE-2025-6069-quad-complex-HTMLParser.patch

 -------------------------------------------------------------------
 Fri Aug  1 20:09:24 UTC 2025 - Matej Cepl <mcepl@cepl.eu>