Path to this page:
Subject: CVS commit: pkgsrc/lang
From: Adam Ciarcinski
Date: 2023-08-25 10:26:13
Message id: 20230825082613.E20F1FBDB@cvs.NetBSD.org
Log Message:
python39 py39-html-docs: updated to 3.9.18
Python 3.9.18
Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a \
bypass of the TLS handshake and included protections (like certificate \
verification) and treating sent unencrypted data as if it were post-handshake \
TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. \
Patch by Gregory P. Smith.
Library
gh-107845: tarfile.data_filter() now takes the location of symlinks into account \
when determining their target, so it will no longer reject some valid tarballs \
with LinkOutsideDestinationError.
Tools/Demos
gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, \
3.0.10, and 3.1.2.
C API
gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data: *consumed was \
not set.
Files: