diff options
author | Tim Orling <timothy.t.orling@intel.com> | 2021-06-15 23:33:52 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-07-02 07:44:59 +0100 |
commit | 2c53b198ed217c890007e008ea2144089cdd252f (patch) | |
tree | b04a4bb5adb60fddb71f5e362d0b3bd4a16783b8 /scripts/postinst-intercepts/update_desktop_database | |
parent | 9d8c7d39f38b55216aaae7c9cc27087b5339e926 (diff) | |
download | poky-2c53b198ed217c890007e008ea2144089cdd252f.tar.gz |
python3: upgrade 3.8.7 -> 3.8.8
Release Date: Feb. 19, 2021
Note: The release you're looking at is Python 3.8.8, a bugfix release for the
legacy 3.8 series. Python 3.9 is now the latest feature release series of
Python 3.
Notable changes in Python 3.8.8
Earlier Python versions allowed using both ; and & as query parameter
separators in urllib.parse.parse_qs() and urllib.parse.parse_qsl(). Due to
security concerns, and to conform with newer W3C recommendations, this has been
changed to allow only a single separator key, with & as the default. This
change also affects cgi.parse() and cgi.parse_multipart() as they use the
affected functions internally. For more details, please see their respective
documentation. (Contributed by Adam Goldschmidt, Senthil Kumaran and Ken Jin
in bpo-42967.)
License-Update: update copyright years
Drop patches fixed in 3.8.8:
- CVE-2021-3177
Fixes:
CVE: CVE-2021-3426
CVE: CVE-2021-23336
References:
https://www.python.org/downloads/release/python-388/
https://docs.python.org/release/3.8.8/whatsnew/changelog.html#changelog
https://docs.python.org/3/whatsnew/3.8.html#notable-changes-in-python-3-8-8
https://nvd.nist.gov/vuln/detail/CVE-2021-3177
https://nvd.nist.gov/vuln/detail/CVE-2021-3426
(From OE-Core rev: fdfc3340b58e1af0c231eedaa07358f7d9c6483e)
Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/postinst-intercepts/update_desktop_database')
0 files changed, 0 insertions, 0 deletions