mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-02-06 00:38:45 +01:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Hitendra Prajapati	cfb6825c35	python3: fix CVE-2025-13836 Upstream-Status: Backport from `289f29b0fe` (From OE-Core rev: d3bcb5ded27003612ad591764f648e83e91c27ca) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2026-01-26 09:49:25 +00:00
Praveen Kumar	c6234dce63	python3: fix CVE-2025-6075 If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-6075 Upstream-patch: `892747b4cf` (From OE-Core rev: 9a7f33d85355ffbe382aa175c04c64541e77b441) Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-12-01 06:50:49 -08:00
Peter Marko	7ca21c761a	python3: upgrade 3.10.18 -> 3.10.19 Drop upstreamed patch and refresh remaining patches. Release information: * https://www.python.org/downloads/release/python-31019/ * The release you're looking at is Python 3.10.19, a security bugfix release for the legacy 3.10 series. Handles CVE-2025-59375, CVE-2025-47273 and CVE-2024-6345. (From OE-Core rev: 9b3dbd691f6ebdbdfe88cef3d3a676ddd1399c63) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-10-24 06:47:20 -07:00

Hitendra Prajapati

cfb6825c35

python3: fix CVE-2025-13836

Upstream-Status: Backport from 289f29b0fe

(From OE-Core rev: d3bcb5ded27003612ad591764f648e83e91c27ca)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2026-01-26 09:49:25 +00:00

Praveen Kumar

c6234dce63

python3: fix CVE-2025-6075

If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment variables.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6075

Upstream-patch:
892747b4cf

(From OE-Core rev: 9a7f33d85355ffbe382aa175c04c64541e77b441)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-12-01 06:50:49 -08:00

Peter Marko

7ca21c761a

python3: upgrade 3.10.18 -> 3.10.19

Drop upstreamed patch and refresh remaining patches.

Release information:
* https://www.python.org/downloads/release/python-31019/
* The release you're looking at is Python 3.10.19, a security bugfix
  release for the legacy 3.10 series.

Handles CVE-2025-59375, CVE-2025-47273 and CVE-2024-6345.

(From OE-Core rev: 9b3dbd691f6ebdbdfe88cef3d3a676ddd1399c63)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-10-24 06:47:20 -07:00

3 Commits