]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8388633) | patch
python3: upgrade 3.13.3 -> 3.13.4
authorPraveen Kumar <praveen.kumar@windriver.com>
Thu, 5 Jun 2025 14:38:25 +0000 (20:08 +0530)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 9 Jun 2025 16:43:20 +0000 (17:43 +0100)
commitd2bcfa826aa3a7bd5d6ab250fb8ba083e2688c8b
tree1d2c7f885baee965587318cc0fc96849de7b878dtree | snapshot
parent83886335bd08f5fa147694e957b2467b19aea6bdcommit | diff
python3: upgrade 3.13.3 -> 3.13.4

Security content in this release:
- gh-135034: Fixes multiple issues that allowed tarfile extraction filters
  (filter="data" and filter="tar") to be bypassed using crafted symlinks and
  hard links. Addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and
  CVE-2025-4517.
- gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-
  “strict” error handler.
- gh-128840: Short-circuit the processing of long IPv6 addresses early in
  ipaddress to prevent excessive memory consumption and a minor denial-of-service.

Includes additional standard library improvements and bug fixes.

References:
https://docs.python.org/3/whatsnew/changelog.html#python-3-13-4-final
https://www.python.org/downloads/release/python-3134/

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/python/python3_3.13.4.bb [moved from meta/recipes-devtools/python/python3_3.13.3.bb with 99% similarity] diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib