Change History (4)
comment:1 by , 3 weeks ago
| Milestone: | → 13.0 |
|---|---|
comment:2 by , 3 weeks ago
comment:3 by , 3 weeks ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed at commit c67516b6a9.
Update to systemd-259.1. Update to shadow-4.19.3. Update to setuptools-81.0.0 (Python module). Update to Python3-3.14.3. Update to procps-ng-4.0.6. Update to linux-6.18.9. Update to gettext-1.0. Update to expat-2.7.4 (Security update). Update to coreutils-9.10.tar.xz.
comment:4 by , 3 weeks ago
| Priority: | normal → high |
|---|---|
Security changes for Python-3.14.3:
Security
gh-144125: BytesGenerator will now refuse to serialize (write) headers that are
unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas
Bloemsaat and Petr Viktorin in gh-121650).
gh-143935: Fixed a bug in the folding of comments when flattening an email message
using a modern email policy. Comments consisting of a very long sequence of non-foldable
characters could trigger a forced line wrap that omitted the required leading space on
the continuation line, causing the remainder of the comment to be interpreted as a new
header field. This enabled header injection with carefully crafted inputs.
gh-143925: Reject control characters in data: URL media types.
gh-143919: Reject control characters in http.cookies.Morsel fields and values.
gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields,
values, and parameters.
There are too many changes in this version to post here. See Python-3.14.3/Misc/NEWS in the tarball for the list.
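The three "reject control characters" entries in the Python 3.14.3 list above all close the same failure mode: a CR, LF or other C0 control character inside a header name, value or cookie attribute ends the header line early, so the receiver reads what follows as a separate header. The following is an added illustration of that class of check, written for this ticket; it is not code from CPython, from the ticket or from the LFS project. The function names, the `HeaderInjectionError` class and the crafted cookie value are constructed for the example.

```python
"""Illustrative validator for the class of fix listed above: refuse C0
control characters (U+0000-U+001F) and DEL (U+007F) in HTTP header names,
header values and cookie attributes. Added example; not CPython's code."""
import re

# Matches any C0 control character (NUL, TAB, LF, CR, ...) or DEL.
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


class HeaderInjectionError(ValueError):
    """Raised when a header component would break the line-oriented format."""


def check_header_text(text: str, what: str = "header") -> str:
    """Return `text` unchanged if it holds no control characters, else raise."""
    match = _CONTROL_RE.search(text)
    if match:
        raise HeaderInjectionError(
            f"{what} contains control character {match.group()!r} "
            f"at offset {match.start()}")
    return text


def naive_set_cookie(name: str, value: str) -> str:
    """Unchecked serialization. A CR/LF pair inside `value` ends the header
    line early, so whatever follows is read as a separate header by the
    receiver. Kept only to show the failure mode the fixes close."""
    return f"Set-Cookie: {name}={value}"


def safe_set_cookie(name: str, value: str, **attrs: str) -> str:
    """Serialize a Set-Cookie header, validating the name, the value and
    every attribute (Path, Domain, ...) before any text is emitted."""
    check_header_text(name, "cookie name")
    check_header_text(value, "cookie value")
    parts = [f"{name}={value}"]
    for attr, attr_value in attrs.items():
        check_header_text(attr, "cookie attribute name")
        check_header_text(attr_value, f"cookie attribute {attr}")
        parts.append(f"{attr}={attr_value}")
    return "Set-Cookie: " + "; ".join(parts)


def serialized_header_lines(serialized: str) -> int:
    """Count the header lines a plain line-splitting parser would see."""
    return len([ln for ln in serialized.replace("\r\n", "\n").split("\n") if ln])


def rejects(name: str, value: str) -> bool:
    """True if safe_set_cookie refuses the pair (used for the checks below)."""
    try:
        safe_set_cookie(name, value)
    except HeaderInjectionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample value: a CRLF followed by text shaped like a header.
    crafted = "abc\r\nX-Constructed: 1"
    print(serialized_header_lines(naive_set_cookie("session", crafted)))  # 2
    print(rejects("session", crafted))  # True
```

The check is deliberately a rejection rather than a stripping or escaping step: the Python notes describe the fixed modules as refusing such input, and refusing is the safer choice because there is no encoding for a control character that every downstream header parser agrees on.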