Sync from SUSE:SLFO:Main python313 revision 13c51d6d24a5108bc9042a7d6fb5aeb4

2025-07-18 11:40:31 +02:00
parent 6fe6053eb5
commit 5ef0b0ecff
4 changed files with 329 additions and 4 deletions
--- a/python313.changes
+++ b/python313.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Thu Jul 10 09:33:26 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Fix gil/nogil package description, bsc#1246229
+
+-------------------------------------------------------------------
+Wed Jul  2 14:47:20 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
+  case quadratic complexity when processing certain crafted
+  malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
+
+-------------------------------------------------------------------
+Wed Jul  2 13:14:28 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add bsc1243155-sphinx-non-determinism.patch (bsc#1243155) to
+  generate ids for audit_events using docname (reproducible
+  builds).
+
+-------------------------------------------------------------------
+Tue Jul  1 08:23:22 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Use one core to build doc. This will make sphinx doc build
+  reproducible.
+  bsc#1243155
+
 -------------------------------------------------------------------
 Sat Jun 21 14:32:16 UTC 2025 - Marcus Meissner <meissner@suse.com>

@@ -55,7 +81,8 @@ Mon Jun  9 21:24:09 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
      bypassed using crafted symlinks and hard links.
      Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
      (bsc#1244059), CVE-2025-4330 (bsc#1244060), and
-      CVE-2025-4517 (bsc#1244032).
+      CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435
+      (gh#135034, bsc#1244061).
    - gh-133767: Fix use-after-free in the “unicode-escape”
      decoder with a non-“strict” error handler (CVE-2025-4516,
      bsc#1243273).