mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Peter Marko	5ae239f8ea	python3: patch CVE-2025-12084 Pick patch from 3.12 branch according to [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-12084 (From OE-Core rev: c3ed0dfa3a7b8716008968b0d7f80885b2f61a84) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2026-01-26 09:45:38 +00:00
Praveen Kumar	792947d444	python3: fix CVE-2025-6075 If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-6075 Upstream-patch: `9ab89c026a` (From OE-Core rev: 5313fa5236cd3943f90804de2af81358971894bc) Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-12-05 07:13:42 -08:00
Peter Marko	2e5bb26c2c	python3: upgrade 3.12.11 -> 3.12.12 Drop upstreamed patch and refresh remaining patches. Release information: * https://www.python.org/downloads/release/python-31212/ * The release you're looking at is Python 3.12.12, a security bugfix release for the legacy 3.12 series. Handles CVE-2025-59375. (From OE-Core rev: f1234b8451ba843b5f9ec1d2066c21f54d6bc3b8) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-10-24 06:23:40 -07:00

Peter Marko

5ae239f8ea

python3: patch CVE-2025-12084

Pick patch from 3.12 branch according to [1].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-12084

(From OE-Core rev: c3ed0dfa3a7b8716008968b0d7f80885b2f61a84)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2026-01-26 09:45:38 +00:00

Praveen Kumar

792947d444

python3: fix CVE-2025-6075

If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment variables.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6075

Upstream-patch:
9ab89c026a

(From OE-Core rev: 5313fa5236cd3943f90804de2af81358971894bc)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-12-05 07:13:42 -08:00

Peter Marko

2e5bb26c2c

python3: upgrade 3.12.11 -> 3.12.12

Drop upstreamed patch and refresh remaining patches.

Release information:
* https://www.python.org/downloads/release/python-31212/
* The release you're looking at is Python 3.12.12, a security bugfix
  release for the legacy 3.12 series.

Handles CVE-2025-59375.

(From OE-Core rev: f1234b8451ba843b5f9ec1d2066c21f54d6bc3b8)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-10-24 06:23:40 -07:00

3 Commits