<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools/python, branch kirkstone</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=kirkstone</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=kirkstone'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2026-04-10T10:53:18+00:00</updated>
<entry>
<title>python3-pyopenssl: Fix CVE-2026-27459</title>
<updated>2026-04-10T10:53:18+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2026-03-25T07:24:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=80f07f41878e7b68e08f9bb6d20fe4193a1775e4'/>
<id>urn:sha1:80f07f41878e7b68e08f9bb6d20fe4193a1775e4</id>
<content type='text'>
Pick patch mentioned in NVD

[1] https://nvd.nist.gov/vuln/detail/CVE-2026-27459
[2] https://ubuntu.com/security/CVE-2026-27459

(From OE-Core rev: b46b806b2ef773d7061923e7bab9184fb758a6b4)

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>python3-pyopenssl: Fix CVE-2026-27448</title>
<updated>2026-04-10T10:53:18+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2026-03-25T07:24:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=631b2c9ded69c37ac7c3b7e824ee58c6afafcb64'/>
<id>urn:sha1:631b2c9ded69c37ac7c3b7e824ee58c6afafcb64</id>
<content type='text'>
Pick patch mentioned in NVD

[1] https://nvd.nist.gov/vuln/detail/CVE-2026-27448
[2] https://ubuntu.com/security/CVE-2026-27448

(From OE-Core rev: c95d2068281fd88427a2e0a996d69c3898473e63)

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>python3: upgrade 3.10.19 -&gt; 3.10.20</title>
<updated>2026-04-10T10:53:18+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2026-04-06T13:46:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=3c9199cfd854ac7c375beed30466aeabacad32bc'/>
<id>urn:sha1:3c9199cfd854ac7c375beed30466aeabacad32bc</id>
<content type='text'>
Drop upstreamed patches.

Release information:
* https://www.python.org/downloads/release/python-31020/
* The release you're looking at is Python 3.10.20, a security bugfix release for the legacy 3.10 series.

Handles CVE-2024-6923 CVE-2025-6075 CVE-2025-12084 CVE-2025-13836 CVE-2025-13837
CVE-2025-15282 CVE-2025-59375 CVE-2026-0865 CVE-2026-24515 CVE-2026-25210

(From OE-Core rev: 51e1581d337b674272c1a71dfc366387577bc5df)

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
[YC: rebased on top of kirkstone]
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>python3-pip: Fix CVE-2026-1703</title>
<updated>2026-03-20T09:55:33+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2026-03-11T11:01:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b0c2d6dfec39564100120dbb9e0eeab1d99a81ba'/>
<id>urn:sha1:b0c2d6dfec39564100120dbb9e0eeab1d99a81ba</id>
<content type='text'>
Pick patch according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-1703
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-1703
[3] https://github.com/pypa/pip/pull/13777

(From OE-Core rev: 0535436a9ceedcf690001cd705be753de4e4915f)

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>python3: patch CVE-2025-12084</title>
<updated>2026-02-27T15:54:01+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-01-25T23:56:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e7b549ecaa945a5b9f755316b80d515312d0bf2b'/>
<id>urn:sha1:e7b549ecaa945a5b9f755316b80d515312d0bf2b</id>
<content type='text'>
Pick patch for this CVE merged into 3.10 branch.

(From OE-Core rev: 8888cd14eb102574d530b6c683ce5beaad1aaa39)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>python3: patch CVE-2025-13837</title>
<updated>2026-02-27T15:54:01+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-01-18T21:17:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=4ad238e9c1bda40c67f86dbeb24483d7deef9ae1'/>
<id>urn:sha1:4ad238e9c1bda40c67f86dbeb24483d7deef9ae1</id>
<content type='text'>
Pick patch from 3.12 branch per NVD report.

(From OE-Core rev: cfbac1d5edae4b0204ec4c01b5f710d100ceb2ad)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
</content>
</entry>
<entry>
<title>python3: fix CVE-2025-13836</title>
<updated>2026-01-26T09:49:25+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2026-01-07T05:47:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=cfb6825c353084ae183a29214aad755ed6e0e5a3'/>
<id>urn:sha1:cfb6825c353084ae183a29214aad755ed6e0e5a3</id>
<content type='text'>
Upstream-Status: Backport from https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15

(From OE-Core rev: d3bcb5ded27003612ad591764f648e83e91c27ca)

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>python3-urllib3: patch CVE-2025-66418</title>
<updated>2026-01-26T09:49:25+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-01-20T13:52:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=4c8419bebefe1b686166ab08d891cdc4d29257d5'/>
<id>urn:sha1:4c8419bebefe1b686166ab08d891cdc4d29257d5</id>
<content type='text'>
Pick patch per [1].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-66418

(From OE-Core rev: 469fcdd5f07635fa9e308c968126807c1ca09647)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Yoann Congal &lt;yoann.congal@smile.fr&gt;
Signed-off-by: Paul Barker &lt;paul@pbarker.dev&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>python3: fix CVE-2025-6075</title>
<updated>2025-12-01T14:50:49+00:00</updated>
<author>
<name>Praveen Kumar</name>
<email>praveen.kumar@windriver.com</email>
</author>
<published>2025-11-21T11:26:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=c6234dce6342e9ba582f643e53ac348b5cdb0dab'/>
<id>urn:sha1:c6234dce6342e9ba582f643e53ac348b5cdb0dab</id>
<content type='text'>
If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment variables.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6075

Upstream-patch:
https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca

(From OE-Core rev: 9a7f33d85355ffbe382aa175c04c64541e77b441)

Signed-off-by: Praveen Kumar &lt;praveen.kumar@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>python3-idna: Fix CVE-2024-3651</title>
<updated>2025-12-01T14:50:49+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-11-20T09:07:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=cdc78fd36f440024c36f92c0170961c96f6d096b'/>
<id>urn:sha1:cdc78fd36f440024c36f92c0170961c96f6d096b</id>
<content type='text'>
import patch from debian to fix
  CVE-2024-3651

Upstream-Status: Backport [import from debian 3.3-1+deb12u1
Upstream commit
https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7]

(From OE-Core rev: 7359d3cdf2210e81a26d8712769f7e23bfbc1bb7)

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
</feed>
