Request 874119 (superseded)

This request is superseded by request 874121 (Show diff)

Overview

Request 874119 superseded

- Update to 3.8.8:
- bpo#42938 (bsc#1181126): Avoid static buffers when computing
the repr of ctypes.c_double and ctypes.c_longdouble
values. This issue was assigned CVE-2021-3177.
- bpo#42967 (bso#1182379): Fix web cache poisoning
vulnerability by defaulting the query args separator to &,
and allowing the user to choose a custom separator. This
issue was assigned CVE-2021-23336.
- Remove bsc1167502-invalid-alignment.patch and
CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch, which were included
into the upstream tarball.

Created by mcepl over 3 years ago
In state superseded
Supersedes 874101
Superseded by 874121
Open review for licensedigger
Open review for factory-staging

Submit python38

Comments for request 874119 0

Request History

mcepl created request over 3 years ago

factory-auto declined review over 3 years ago

Output of check script:
A patch (bsc1167501-invalid-alignment.patch) is being deleted without this removal being mentioned in the changelog.

factory-auto declined request over 3 years ago

Output of check script:
A patch (bsc1167501-invalid-alignment.patch) is being deleted without this removal being mentioned in the changelog.

mcepl superseded request over 3 years ago

- Update to 3.8.8:
- bpo#42938 (bsc#1181126): Avoid static buffers when computing
the repr of ctypes.c_double and ctypes.c_longdouble
values. This issue was assigned CVE-2021-3177.
- bpo#42967 (bso#1182379): Fix web cache poisoning
vulnerability by defaulting the query args separator to &,
and allowing the user to choose a custom separator. This
issue was assigned CVE-2021-23336.
- Remove bsc1167501-invalid-alignment.patch and
CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch, which were included
into the upstream tarball.

Places

Overview