- Update to 3.9.18 (bsc#1214692):

- gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError. - gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=163
2023-09-06 06:39:22 +00:00
parent 96f7ae7576
commit b8f8306bca
6 changed files with 37 additions and 20 deletions
--- a/python39.changes
+++ b/python39.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Sep  6 06:38:27 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 3.9.18 (bsc#1214692):
+  - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
+    vulnerable to a bypass of the TLS handshake and included
+    protections (like certificate verification) and treating sent
+    unencrypted data as if it were post-handshake TLS encrypted data.
+    Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
+    Gregory P. Smith.
+  - gh-107845: tarfile.data_filter() now takes the location of
+    symlinks into account when determining their target, so it will no
+    longer reject some valid tarballs with
+    LinkOutsideDestinationError.
+  - gh-107565: Update multissltests and GitHub CI workflows to use
+    OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
+
 -------------------------------------------------------------------
 Thu Aug  3 14:53:38 UTC 2023 - Matej Cepl <mcepl@suse.com>