Opened 3 years ago

Closed 3 years ago

#15485 closed enhancement (fixed)

Python3-3.9.7 (Wait for LFS)

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: elevated
Milestone: 11.1
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (3)

comment:1 by Douglas R. Reno, 3 years ago

Priority: normal → elevated

Similar to LFS, promoting to Elevated due to security fixes:

    bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory
    to avoid a potential race condition.

    bpo-41180: Add auditing events to the marshal module, and stop raising
    code.__init__ events for every unmarshalled code object. Directly
    instantiated code objects will continue to raise an event, and audit event
    handlers should inspect or collect the raw marshal data. This reduces a
    significant performance overhead when loading from .pyc files.

    bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8)
    to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This
    copy is most used on Windows and macOS.

    bpo-43124: Made the internal putcmd function in smtplib sanitize input
    for presence of \r and \n characters to avoid (unlikely) command
    injection.

Note that we already have the fix for CVE-2013-0340 in our version of Expat in LFS, so that does not affect us.
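
A regression check for the bpo-43124 item quoted above, added here as an example (not part of the ticket, the BLFS book, or CPython's sources): it confirms that the installed interpreter's smtplib refuses CR/LF in putcmd. The names `LegacySMTP`, `putcmd_rejects_newlines` and the sample argument are constructed for this illustration; `LegacySMTP` is a stand-in that assumes an unpatched putcmd simply formats and sends its arguments.

```python
import smtplib
import sys

# Constructed sample: one argument string carrying an embedded CRLF.
CONSTRUCTED_ARGS = "FROM:<a@example.test>\r\nRCPT TO:<b@example.test>"


class LegacySMTP(smtplib.SMTP):
    """Constructed stand-in for an unpatched putcmd (assumption: no newline check)."""

    def putcmd(self, cmd, args=""):
        line = cmd if args == "" else "%s %s" % (cmd, args)
        self.send(line + "\r\n")


def putcmd_rejects_newlines(base=smtplib.SMTP):
    """Return True if base.putcmd refuses CR/LF, False if the text reaches send()."""

    class Probe(base):
        def __init__(self):
            # No host means no connection is attempted; passing local_hostname
            # skips the FQDN lookup, so the check runs fully offline.
            super().__init__(local_hostname="localhost")
            self.wire = []

        def send(self, s):
            # Capture what would have been written to the socket.
            self.wire.append(s)

    probe = Probe()
    try:
        probe.putcmd("mail", CONSTRUCTED_ARGS)
    except ValueError:
        # Patched behaviour: rejected before anything was sent.
        return not probe.wire
    return False


if __name__ == "__main__":
    version = ".".join(map(str, sys.version_info[:3]))
    print("Python", version, "smtplib check present:", putcmd_rejects_newlines())
    print("constructed legacy stand-in:", putcmd_rejects_newlines(LegacySMTP))
```

Run it with the freshly built python3 after the package update; a result of False for the installed smtplib means the build does not carry the fix.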

comment:2 by Bruce Dubbs, 3 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:3 by Bruce Dubbs, 3 years ago

Resolution: fixed
Status: assigned → closed

Fixed at commit cc1c942130b5032afd457ed09864f5ba4a70c74c

 Package updates
    Update to Python3-3.9.7.
    Update to libcap-2.57.