python3-3.11.5 (security update)

[Bruce Dubbs]

New point version.

[Xi Ruoyao]

There is some warnings:

DEPRECATION: Loading egg at /usr/lib/python3.11/site-packages/gpg-1.22.0-py3.11-linux-x86_64.egg is deprecated. pip 23.3 will enforce this behaviour change. A possible replacement is to use pip for package installation..
DEPRECATION: Loading egg at /usr/lib/python3.11/site-packages/gpg-1.19.0-py3.11-linux-x86_64.egg is deprecated. pip 23.3 will enforce this behaviour change. A possible replacement is to use pip for package installation..
DEPRECATION: Loading egg at /usr/lib/python3.11/site-packages/pwquality-1.4.5-py3.11-linux-x86_64.egg is deprecated. pip 23.3 will enforce this behaviour change. A possible replacement is to use pip for package installation..

I guess we should update the install process for gpgme and libpwquality Python modules in 12.1 dev cycle.

[Bruce Dubbs]

This package is now in LFS.

[pierre]

Xi Ruoyao has updated build instructions for gpgme and libpwquality at c3ad4c38 and b512e97b.

[pierre]

This is the fifth maintenance release of Python 3.11

Python 3.11.5 is the newest major release of the Python programming language, and it contains many new features and optimizations.

Security content in this release

gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.

I'd say it's medium severity

[pierre]

Upgrade committed at deaa2009. SA coming.

[pierre]

SA done at commit c4ac25a in the www repository.