diff --git a/python314.changes b/python314.changes index b6fce9f..b5d1c54 100644 --- a/python314.changes +++ b/python314.changes @@ -6,8 +6,9 @@ Thu Feb 5 17:26:23 UTC 2026 - Matej Cepl gh#python/cpython!141128, and gh#python/cpython!141153. All `*b64decode` functions should not accept non-altchars. - Add CVE-2025-15366-imap-ctrl-chars.patch fixing bsc#1257044 - (CVE-2025-15366) using gh#python/cpython!143922 and doing - basically the same as the previous patch for IMAP protocol. + (CVE-2025-15366, gh-143921) using gh#python/cpython!143922 and + doing basically the same as the previous patch for IMAP + protocol. - Add CVE-2025-15367-poplib-ctrl-chars.patch fixing bsc#1257041 (CVE-2025-15367) using gh#python/cpython!143924 and doing basically the same as the previous patch for poplib library. @@ -51,11 +52,12 @@ Thu Feb 5 12:57:09 UTC 2026 - Matej Cepl a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029, CVE-2025-11468). - gh-143925: Reject control characters in data: URL media - types. + types (bsc#1257046, CVE-2025-15282). - gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). - gh-143916: Reject C0 control characters within - wsgiref.headers.Headers fields, values, and parameters. + wsgiref.headers.Headers fields, values, and parameters + (bsc#1257042, CVE-2026-0865). - Library - gh-144380: Improve performance of io.BufferedReader line iteration by ~49%. @@ -377,7 +379,8 @@ Thu Jan 29 12:58:15 UTC 2026 - Matej Cepl - Add CVE-2024-6923-follow-up-EOL-email-headers.patch which is a follow-up to the previous fix of CVE-2024-6923 further - encoding EOL possibly hidden in email headers (bsc#1257181). + encoding EOL possibly hidden in email headers (bsc#1257181, + also bsc#1257181, CVE-2026-1299). - Add CVE-2025-11468-email-hdr-fold-comment.patch preserving parens when folding comments in email headers (bsc#1257029, CVE-2025-11468).