Security content in this release:
- gh-135034: Fixes multiple issues that allowed tarfile extraction filters
(filter="data" and filter="tar") to be bypassed using crafted symlinks and
hard links. Addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and
CVE-2025-4517.
- gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-
“strict” error handler.
- gh-128840: Short-circuit the processing of long IPv6 addresses early in
ipaddress to prevent excessive memory consumption and a minor denial-of-service.
Includes additional standard library improvements and bug fixes.
References:
https://docs.python.org/3/whatsnew/changelog.html#python-3-13-4-finalhttps://www.python.org/downloads/release/python-3134/
(From OE-Core rev: d2bcfa826aa3a7bd5d6ab250fb8ba083e2688c8b)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
