patches/packages/python3-3.9.21-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
gh-126623: Upgraded libexpat to 2.6.4 to fix CVE-2024-50602.
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
mapped IPv4 address value for deciding properties. Properties which have
their behavior fixed are is_multicast, is_reserved, is_link_local, is_global,
and is_unspecified.
gh-124651: Properly quote template strings in venv activation scripts.
gh-103848: Added checks to ensure that [ bracketed ] hosts found by
urllib.parse.urlsplit() are of IPv6 or IPvFuture format.
gh-95588: Clarified the conflicting advice given in the ast documentation
about ast.literal_eval() being safe for use on untrusted input while at the
same time warning that it can crash the process. The latter statement is true
and is deemed unfixable without a large amount of work unsuitable for a
bugfix. So we keep the warning and no longer claim that literal_eval is safe.
For more information, see:
https://pythoninsider.blogspot.com/2024/12/python-3131-3128-31111-31016-and-3921.htmlhttps://www.cve.org/CVERecord?id=CVE-2024-50602
(* Security fix *)
2024-12-05 13:30:44 +01:00
Renamed from patches/packages/python3-3.9.20-x86_64-1_slack15.0.txt (Browse further)
