diff options
| author | Peter Marko <peter.marko@siemens.com> | 2025-06-08 23:43:27 +0200 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-06-13 08:58:01 -0700 |
| commit | c4f82e3fd561ac83c8c836e43d701cff36ca2f42 (patch) | |
| tree | 27711273b06a4a06364b1e56b0392f3df8a1856d /documentation/set_versions.py | |
| parent | 82e8f8c2e08c48229154ce3fbc599e4112b72d58 (diff) | |
| download | poky-c4f82e3fd561ac83c8c836e43d701cff36ca2f42.tar.gz | |
python3: upgrade 3.12.9 -> 3.12.11
Drop upstreamed patch and refresh remaining patches.
* https://www.python.org/downloads/release/python-31210/
Python 3.12.10 is the latest maintenance release of Python 3.12, and
the last full maintenance release. Subsequent releases of 3.12 will be
security-fixes only.
* https://www.python.org/downloads/release/python-31211/
Security content in this release
* gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330]
[CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed
tarfile extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
* gh-133767: Fix use-after-free in the “unicode-escape” decoder with a
non-“strict” error handler.
* gh-128840: Short-circuit the processing of long IPv6 addresses early
in ipaddress to prevent excessive memory consumption and a minor
denial-of-service.
gh-133767 got meawhile CVE-2025-4516 assigned.
(From OE-Core rev: 6cca08b2857efd5481e837ecd6bb295cb8a99ee1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'documentation/set_versions.py')
0 files changed, 0 insertions, 0 deletions