projects / python3.9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 9f2d099 4b4f76a)
Merge version 3.9.2-1+rpi1 and 3.9.2-1+deb11u2 to produce 3.9.2-1+rpi1+deb11u2 archive/raspbian/3.9.2-1+rpi1+deb11u2 raspbian/3.9.2-1+rpi1+deb11u2
authorRaspbian automatic forward porter <root@raspbian.org>
Mon, 9 Dec 2024 13:57:35 +0000 (13:57 +0000)
committerRaspbian automatic forward porter <root@raspbian.org>
Mon, 9 Dec 2024 13:57:35 +0000 (13:57 +0000)
1  2 
debian/changelog patch | diff1 | diff2 | blob | history
debian/rules patch | diff1 | diff2 | blob | history

diff --cc debian/changelog
index 3e002b9568445e8e14edbf5bb94b4b43e473f820,6271c66e6be9987d48d5f60672658138c4720eb3..a6f858a4edb651035c5fdc6b7ff3f9fd3769513e
--- 1/debian/changelog
--- 2/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,43 +1,50 @@@
- python3.9 (3.9.2-1+rpi1) bullseye-staging; urgency=medium
++python3.9 (3.9.2-1+rpi1+deb11u2) bullseye-staging; urgency=medium
 +
 +  [changes brought forward from 3.9.0~b5-2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 30 Jul 2020 10:10:07 +0000]
 +  * Disable testsuite (test_concurrent_futures seems to hang)
 +
-  -- Raspbian forward porter <root@raspbian.org>  Fri, 12 Mar 2021 04:06:34 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Mon, 09 Dec 2024 13:57:34 +0000
++
+ python3.9 (3.9.2-1+deb11u2) bullseye-security; urgency=medium
+   * Non-maintainer upload by the LTS Team.
+   * Fix the binary-all tests.
+  -- Adrian Bunk <bunk@debian.org>  Sun, 01 Dec 2024 14:12:57 +0200
+ python3.9 (3.9.2-1+deb11u1) bullseye-security; urgency=medium
+   * Non-maintainer upload by the LTS Team.
+   * CVE-2015-20107: The mailcap module did not add escape characters
+     into commands discovered in the system mailcap file
+   * CVE-2020-10735: Prevent DoS with very large int
+   * CVE-2021-3426: Remove the pydoc getfile feature which
+     could be abused to read arbitrary files on the disk
+   * CVE-2021-3733: Regular Expression Denial of Service in urllib's
+     AbstractBasicAuthHandler class
+   * CVE-2021-3737: Infinite loop in the HTTP client code
+   * CVE-2021-4189: Make ftplib not trust the PASV response
+   * CVE-2021-28861: Open redirection vulnerability in http.server
+   * CVE-2021-29921: Leading zeros in IPv4 addresses are no longer tolerated
+   * CVE-2022-42919: Don't use Linux abstract sockets for multiprocessing
+   * CVE-2022-45061: Quadratic time in the IDNA decoder
+   * CVE-2023-6597: tempfile.TemporaryDirectory failure to remove dir
+   * CVE-2023-24329: Strip C0 control and space chars in urlsplit
+   * CVE-2023-27043: Reject malformed addresses in email.parseaddr()
+   * CVE-2023-40217: ssl.SSLSocket bypass of the TLS handshake
+   * CVE-2024-0397: Race condition in ssl.SSLContext
+   * CVE-2024-0450: quoted-overlap zipbomb DoS
+   * CVE-2024-4032: Incorrect information about private addresses
+     in the ipaddress module
+   * CVE-2024-6232: ReDoS when parsing tarfile headers
+   * CVE-2024-6923: Encode newlines in headers in the email module
+   * CVE-2024-7592: Quadratic complexity parsing cookies with backslashes
+   * CVE-2024-8088: Infinite loop when iterating over zip archive entry names
+   * CVE-2024-9287: venv activation scripts did't quote paths
+   * CVE-2024-11168: urllib functions improperly validated bracketed hosts
+   * Fix build test failures and make them fatal.
+  -- Adrian Bunk <bunk@debian.org>  Fri, 29 Nov 2024 19:38:21 +0200
  
  python3.9 (3.9.2-1) unstable; urgency=medium
  
diff --cc debian/rules
Simple merge
Unnamed repository; edit this file 'description' to name the repository.