projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cf03cb1) | patch
python3: Backport security fixes 12881/head
authorJeffery To <jeffery.to@gmail.com>
Sun, 19 Jul 2020 22:02:38 +0000 (06:02 +0800)
committerJeffery To <jeffery.to@gmail.com>
Mon, 20 Jul 2020 09:39:42 +0000 (17:39 +0800)
commitddb0af40614e9398d4a9f48cfeb4f0946a200b14
treeeaba45e9af9d7d6a5da631b074bfa96591b5c92dtree | snapshot
parentcf03cb1806e3d37d81bea7ec60a6533cc973451fcommit | diff
python3: Backport security fixes

This backports fixes for security issues, including:
* CVE-2020-14422: Hash collisions in IPv4Interface and IPv6Interface
* CVE-2019-20907: Infinite loop in the tarfile module

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
lang/python/python3/Makefile diff | blob | history
lang/python/python3/patches/027-bpo-41004-Resolve-hash-collisions-for-IPv4Interface-and-IPv6Interface-GH-21033-GH-21231.patch [new file with mode: 0644] blob
lang/python/python3/patches/028-closes-bpo-41235-Fix-the-error-handling-in-SSLContext.load_dh_params-GH-21389.patch [new file with mode: 0644] blob
lang/python/python3/patches/029-bpo-41288-Fix-a-crash-in-unpickling-invalid-NEWOBJ_EX-GH-21458-GH-21461.patch [new file with mode: 0644] blob
lang/python/python3/patches/030-bpo-39017-Avoid-infinite-loop-in-the-tarfile-module-GH-21454-GH-21484.patch [new file with mode: 0644] blob
lang/python/python3/patches/031-bpo-39603-Prevent-header-injection-in-http-methods-GH-18485-GH-21538.patch [new file with mode: 0644] blob
Mirror of packages feed