dgit.raspbian.org Git - python3.9.git/commit

[PATCH] [3.10] gh-145506: Fixes CVE-2026-2297 by ensuring SourcelessFileLoader uses io.open_code (GH-145507) (#145516)

* gh-145506: Fixes CVE-2026-2297 by ensuring SourcelessFileLoader uses io.open_code (GH-145507)
(cherry picked from commit a51b1b512de1d56b3714b65628a2eae2b07e535e)

Co-authored-by: Steve Dower <steve.dower@python.org>
* Regenerate importlib_external.h

* Fix blurb entry

The `:cve:` role is not available on this branch.

---------

Co-authored-by: Steve Dower <steve.dower@python.org>
Co-authored-by: Stan Ulbrych <stan@ulbrych.org>
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Origin: backport, https://github.com/python/cpython/commit/876858c9f65d9ab656c7fa639f268ce7856d89dd

Gbp-Pq: Name CVE-2026-2297.patch

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Thu, 30 Apr 2026 21:18:39 +0000 (23:18 +0200)
committer	Arnaud Rebillout <arnaudr@debian.org>
	Thu, 14 May 2026 03:00:00 +0000 (10:00 +0700)
commit	a2f9de0991f0bd7578d02801db297a1b2d7c8369
tree	04478c8286fab310c4d8702a71d87c354871ae38	tree \| snapshot
parent	2628337a4ed20702a648a1c37e5a1f2ac65fe5ee	commit \| diff

Lib/importlib/_bootstrap_external.py		diff \| blob \| history
Misc/NEWS.d/next/Security/2026-03-04-18-59-17.gh-issue-145506.6hwvEh.rst	[new file with mode: 0644]	blob
Python/importlib_external.h		diff \| blob \| history