mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
69,202 Commits 38 Branches 617 Tags
c6234dce6342e9ba582f643e53ac348b5cdb0dab
Commit Graph

2 Commits

Author SHA1 Message Date
Praveen Kumar
c6234dce63 python3: fix CVE-2025-6075 
If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment variables.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6075

Upstream-patch:
892747b4cf

(From OE-Core rev: 9a7f33d85355ffbe382aa175c04c64541e77b441)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-12-01 06:50:49 -08:00
Peter Marko
7ca21c761a python3: upgrade 3.10.18 -> 3.10.19 
Drop upstreamed patch and refresh remaining patches.

Release information:
* https://www.python.org/downloads/release/python-31019/
* The release you're looking at is Python 3.10.19, a security bugfix
  release for the legacy 3.10 series.

Handles CVE-2025-59375, CVE-2025-47273 and CVE-2024-6345.

(From OE-Core rev: 9b3dbd691f6ebdbdfe88cef3d3a676ddd1399c63)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2025-10-24 06:47:20 -07:00