From 72e8471b5cf4a011cd87692719bd4f69d9cc526c Mon Sep 17 00:00:00 2001 From: James Hilliard Date: Fri, 21 Oct 2022 11:05:36 -0600 Subject: [PATCH] package/python3: security bump to version 3.10.8 Fixes the following security issues: - CVE-2022-40674: bundled libexpat was upgraded from 2.4.7 to 2.4.9 which fixes a heap use-after-free vulnerability in function doContent - gh-97616: a fix for a possible buffer overflow in list *= int - gh-97612: a fix for possible shell injection in the example script get-remote-certificate.py(this issue originally had a CVE assigned to it, which its author withdrew) - gh-96577: a fix for a potential buffer overrun in msilib License hash changed due to links in license text being changed from http to https: https://github.com/python/cpython/commit/96f8d3619d839266491b722b943de65892bb0e81 Signed-off-by: James Hilliard [Peter: mark as security bump] Signed-off-by: Peter Korsgaard --- package/python3/python3.hash | 4 ++-- package/python3/python3.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/python3/python3.hash b/package/python3/python3.hash index c625e7a8ea..f9b8e2ec8d 100644 --- a/package/python3/python3.hash +++ b/package/python3/python3.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 6eed8415b7516fb2f260906db5d48dd4c06acc0cb24a7d6cc15296a604dcdc48 Python-3.10.7.tar.xz -sha256 f03e17cd594c2085f66a454e695c7ebe5b4d3c0eff534f4f194abc2fd164621b LICENSE +sha256 6a30ecde59c47048013eb5a658c9b5dec277203d2793667f578df7671f7f03f3 Python-3.10.8.tar.xz +sha256 d4a223f033419313218c9b8444167e91e87a5bebdb43fb8490df441df5220a8b LICENSE diff --git a/package/python3/python3.mk b/package/python3/python3.mk index b7df26781a..4131941e11 100644 --- a/package/python3/python3.mk +++ b/package/python3/python3.mk 
@@ -5,7 +5,7 @@ ################################################################################ PYTHON3_VERSION_MAJOR = 3.10 -PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).7 +PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).8 PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION) PYTHON3_LICENSE = Python-2.0, others
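Review bot: in the package/python3/python3.hash hunk, the new Python-3.10.8.tar.xz sha256 is still covered only by the "# Locally computed" comment, so the file gives no way to tell whether the download was checked against anything upstream published. If the tarball was verified against the release's signature or checksum from python.org before it was hashed, record that in the comment above the sha256 line. The LICENSE hash change is already explained in the commit message (links changed from http to https), which is enough for that line.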
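Review bot: in the package/python3/python3.mk hunk, only `PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).8` changes, while the commit message attributes the CVE-2022-40674 fix to the bundled libexpat going from 2.4.7 to 2.4.9. The visible lines do not show whether this package builds the bundled copy or links a separate expat package, so it is worth confirming which one the target and host builds use. If it is the separate package, that fix has to come from the expat package's own version rather than from this bump. The diffstat lists only two files, so please also confirm that any patches carried under package/python3 still apply to 3.10.8 unchanged.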