Peter Marko
2104407814
python3: patch CVE-2025-13836
Pick commit from branch 3.12 mentioned in [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-13836
(From OE-Core rev: 05aa143fb5f63de0f53e916daa3392917da46131)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-26 09:45:38 +00:00
Peter Marko
5ae239f8ea
python3: patch CVE-2025-12084
Pick patch from 3.12 branch according to [1].
[1] https://nvd.nist.gov/vuln/detail/CVE-2025-12084
(From OE-Core rev: c3ed0dfa3a7b8716008968b0d7f80885b2f61a84)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-26 09:45:38 +00:00
Praveen Kumar
792947d444
python3: fix CVE-2025-6075
If the value passed to os.path.expandvars() is user-controlled, a
performance degradation is possible when expanding environment variables.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6075
Upstream-patch:
9ab89c026a
(From OE-Core rev: 5313fa5236cd3943f90804de2af81358971894bc)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-05 07:13:42 -08:00
Peter Marko
2e5bb26c2c
python3: upgrade 3.12.11 -> 3.12.12
Drop upstreamed patch and refresh remaining patches.
Release information:
* https://www.python.org/downloads/release/python-31212/
* The release you're looking at is Python 3.12.12, a security bugfix
release for the legacy 3.12 series.
Handles CVE-2025-59375.
(From OE-Core rev: f1234b8451ba843b5f9ec1d2066c21f54d6bc3b8)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-10-24 06:23:40 -07:00