slackware-current

mirror of git://slackware.nl/current.git synced 2024-12-26 09:58:59 +01:00

History

Patrick J Volkerding 39de03bf5f Wed Dec 4 22:24:22 UTC 2024 patches/packages/python3-3.9.21-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: gh-126623: Upgraded libexpat to 2.6.4 to fix CVE-2024-50602. gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. gh-124651: Properly quote template strings in venv activation scripts. gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format. gh-95588: Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being safe for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe. For more information, see: https://pythoninsider.blogspot.com/2024/12/python-3131-3128-31111-31016-and-3921.html https://www.cve.org/CVERecord?id=CVE-2024-50602 (* Security fix *)	2024-12-05 13:30:44 +01:00
..
packages	Wed Dec 4 22:24:22 UTC 2024	2024-12-05 13:30:44 +01:00
source	Wed Nov 20 22:05:15 UTC 2024	2024-11-21 13:30:38 +01:00

Patrick J Volkerding 39de03bf5f Wed Dec 4 22:24:22 UTC 2024

patches/packages/python3-3.9.21-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  gh-126623: Upgraded libexpat to 2.6.4 to fix CVE-2024-50602.
  gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
  mapped IPv4 address value for deciding properties. Properties which have
  their behavior fixed are is_multicast, is_reserved, is_link_local, is_global,
  and is_unspecified.
  gh-124651: Properly quote template strings in venv activation scripts.
  gh-103848: Added checks to ensure that [ bracketed ] hosts found by
  urllib.parse.urlsplit() are of IPv6 or IPvFuture format.
  gh-95588: Clarified the conflicting advice given in the ast documentation
  about ast.literal_eval() being safe for use on untrusted input while at the
  same time warning that it can crash the process. The latter statement is true
  and is deemed unfixable without a large amount of work unsuitable for a
  bugfix. So we keep the warning and no longer claim that literal_eval is safe.
  For more information, see:
    https://pythoninsider.blogspot.com/2024/12/python-3131-3128-31111-31016-and-3921.html
    https://www.cve.org/CVERecord?id=CVE-2024-50602
  (* Security fix *)

2024-12-05 13:30:44 +01:00

packages

Wed Dec 4 22:24:22 UTC 2024

2024-12-05 13:30:44 +01:00

source

Wed Nov 20 22:05:15 UTC 2024

2024-11-21 13:30:38 +01:00