Update to 3.9.25

Security
    - gh-137836: Add support of the “plaintext” element, RAWTEXT
      elements “xmp”, “iframe”, “noembed” and “noframes”, and
      optionally RAWTEXT element “noscript” in
      html.parser.HTMLParser.
    - gh-136063: email.message: ensure linear complexity for
      legacy HTTP parameters parsing. Patch by Bénédikt Tran.
    - gh-136065: Fix quadratic complexity in
      os.path.expandvars() (CVE-2025-6075, bsc#1252974).
Library
    - gh-98793: Fix argument typechecks in
      _overlapped.WSAConnect() and
      _overlapped.Overlapped.WSASendTo() functions.
    - bpo-44817: Ignore WinError 53 (ERROR_BAD_NETPATH), 65
      (ERROR_NETWORK_ACCESS_DENIED) and 161 (ERROR_BAD_PATHNAME)
      when using ntpath.realpath().
Core and Builtins
    - gh-120384: Fix an array out of bounds crash in
      list_ass_subscript, which could be invoked via some
      specifically tailored input: including concurrent
      modification of a list object, where one thread assigns
      a slice and another clears it.
    - gh-120298: Fix use-after-free in list_richcompare_impl
      which can be invoked via some specifically tailored evil
      input.
2025-12-11 22:48:48 +01:00
parent 9cf0841df6
commit a7506e8af6
8 changed files with 51 additions and 403 deletions


@@ -1,3 +1,33 @@
-------------------------------------------------------------------
Thu Dec 11 21:44:35 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
* Update to 3.9.25:
- Security
- gh-137836: Add support of the “plaintext” element, RAWTEXT
elements “xmp”, “iframe”, “noembed” and “noframes”, and
optionally RAWTEXT element “noscript” in
html.parser.HTMLParser.
- gh-136063: email.message: ensure linear complexity for
legacy HTTP parameters parsing. Patch by Bénédikt Tran.
- gh-136065: Fix quadratic complexity in
os.path.expandvars() (CVE-2025-6075, bsc#1252974).
- Library
- gh-98793: Fix argument typechecks in
_overlapped.WSAConnect() and
_overlapped.Overlapped.WSASendTo() functions. bpo-44817:
Ignore WinError 53 (ERROR_BAD_NETPATH), 65
(ERROR_NETWORK_ACCESS_DENIED) and 161 (ERROR_BAD_PATHNAME)
when using ntpath.realpath().
- Core and Builtins
- gh-120384: Fix an array out of bounds crash in
list_ass_subscript, which could be invoked via some
specificly tailored input: including concurrent
modification of a list object, where one thread assigns
a slice and another clears it.
- gh-120298: Fix use-after free in list_richcompare_impl
which can be invoked via some specificly tailored evil
input.
-------------------------------------------------------------------
Thu Nov 13 17:13:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
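Review bot: In the Library section of the new 3.9.25 entry, the bpo-44817 item is run into the end of the gh-98793 bullet ("_overlapped.Overlapped.WSASendTo() functions. bpo-44817:"), so the ntpath.realpath() WinError change reads as part of the _overlapped typecheck fix. Start it as its own "- bpo-44817:" bullet so each upstream issue maps to one entry. Under Core and Builtins, "specificly" appears twice and should be "specifically". Of the three Security items only gh-136065 carries a CVE and bsc reference; if the other two have tracker ids, add them in the same parenthesised form so the entry is searchable by those ids.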