[Buildroot] [PATCH] package/python3: security bump to version 3.9.7
Peter Korsgaard
peter at korsgaard.com
Fri Sep 10 09:59:59 UTC 2021
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
>> Fixes the following security issues:
>> - bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to
>> avoid a potential race condition.
>> - bpo-41180: Add auditing events to the marshal module, and stop raising
>> code.__init__ events for every unmarshalled code object. Directly
>> instantiated code objects will continue to raise an event, and audit event
>> handlers should inspect or collect the raw marshal data. This reduces a
>> significant performance overhead when loading from .pyc files.
>> - bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to
>> get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This
>> copy is most used on Windows and macOS.
>> - bpo-43124: Made the internal putcmd function in smtplib sanitize input for
>> presence of \r and \n characters to avoid (unlikely) command injection.
>> https://www.python.org/downloads/release/python-397/
>> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2021.02.x and 2021.05.x, thanks.
--
Bye, Peter Korsgaard
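
Added example (not part of the original message and not CPython or Buildroot code): for the bpo-41180 item above, an audit hook that records a digest of the raw marshal data from the single `marshal.loads` event instead of relying on per-code-object events. The names `MarshalAuditor` and `observe` are hypothetical, the sample blob is constructed inline, and a Python with the bpo-41180 change (3.9.7 or later) is assumed.

```python
import hashlib
import marshal
import sys


class MarshalAuditor:
    """Collects digests of raw data passed to marshal.loads (hypothetical helper)."""

    def __init__(self):
        self.records = []     # (sha256 hex digest, length) per marshal.loads call
        self.code_events = 0  # code.__new__ events seen while active
        self.active = False
        # Audit hooks cannot be removed once added, so gate on self.active.
        sys.addaudithook(self._hook)

    def _hook(self, event, args):
        if not self.active:
            return
        if event == "marshal.loads":
            data = bytes(args[0])  # the raw marshal bytes, before decoding
            self.records.append((hashlib.sha256(data).hexdigest(), len(data)))
        elif event == "code.__new__":
            self.code_events += 1


def observe(auditor, fn):
    """Run fn() with the auditor active and return its result."""
    auditor.active = True
    try:
        return fn()
    finally:
        auditor.active = False


if __name__ == "__main__":
    # Constructed sample: marshal data holding one small code object.
    blob = marshal.dumps(compile("x = 1 + 1", "<constructed>", "exec"))
    aud = MarshalAuditor()
    observe(aud, lambda: marshal.loads(blob))
    for digest, length in aud.records:
        print(f"marshal.loads: {length} bytes sha256={digest}")
    print("code.__new__ events during load:", aud.code_events)
```

The recorded digests can be compared against an allowlist of known-good .pyc payloads or shipped to a log pipeline.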