diff options
| author | Chee Yang Lee <chee.yang.lee@intel.com> | 2023-09-04 18:18:23 +0800 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-09-08 16:09:41 -1000 |
| commit | 0fb3fd0a0d9fbfeafb87ec6b63974f82c49d667c (patch) | |
| tree | 269f8e6e3ce5428b8db7a757ccedcaa0b58368db /scripts/lib/devtool/standard.py | |
| parent | f1de33df8b920c4a48e28797d83b152a7cb0c1c6 (diff) | |
| download | poky-0fb3fd0a0d9fbfeafb87ec6b63974f82c49d667c.tar.gz | |
python3: upgrade to 3.10.13
Release date: 2023-08-24
Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included protections
(like certificate verification) and treating sent unencrypted data as if
it were post-handshake TLS encrypted data. Security issue reported as
CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.
Library
gh-107845: tarfile.data_filter() now takes the location of symlinks into
account when determining their target, so it will no longer reject some
valid tarballs with LinkOutsideDestinationError.
Tools/Demos
gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL
1.1.1v, 3.0.10, and 3.1.2.
C API
gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
*consumed was not set.
(From OE-Core rev: a30e51b8d13912f0d68bfffcd2d8ae6431d2b863)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/lib/devtool/standard.py')
0 files changed, 0 insertions, 0 deletions