projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c15122f) | patch
python3: Backport security fixes 12882/head
authorJeffery To <jeffery.to@gmail.com>
Mon, 20 Jul 2020 09:43:45 +0000 (17:43 +0800)
committerJeffery To <jeffery.to@gmail.com>
Mon, 20 Jul 2020 09:43:45 +0000 (17:43 +0800)
commite05705fa54bffebe32133f52358f89bbeac504ac
tree79c28f7ae968211b9cb4d0b13098c5004aa8e104tree | snapshot
parentc15122fb7a7a7d4ee0f5efeec11c396841111cc1commit | diff
python3: Backport security fixes

This backports fixes for security issues, including:
* CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface
* CVE-2019-20907: Infinite loop in the tarfile module

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
lang/python/python3/Makefile diff | blob | history
lang/python/python3/patches/025-bpo-41004-Resolve-hash-collisions-for-IPv4Interface-and-IPv6Interface-GH-21033-GH-21232.patch [new file with mode: 0644] blob
lang/python/python3/patches/026-bpo-41288-Fix-a-crash-in-unpickling-invalid-NEWOBJ_EX-GH-21458-GH-21462.patch [new file with mode: 0644] blob
lang/python/python3/patches/027-bpo-39017-Avoid-infinite-loop-in-the-tarfile-module-GH-21454-GH-21485.patch [new file with mode: 0644] blob
lang/python/python3/patches/028-bpo-39603-Prevent-header-injection-in-http-methods-GH-18485-GH-21539.patch [new file with mode: 0644] blob
Mirror of packages feed