mirror of
https://git.yoctoproject.org/poky
synced 2026-04-29 00:32:14 +02:00
f64ec011d9
Security content in this release: - gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. Addresses CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, and CVE-2025-4517. - gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non- “strict” error handler. - gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. Includes additional standard library improvements and bug fixes. References: https://docs.python.org/3/whatsnew/changelog.html#python-3-13-4-final https://www.python.org/downloads/release/python-3134/ (From OE-Core rev: d2bcfa826aa3a7bd5d6ab250fb8ba083e2688c8b) Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>