mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-23 16:51:44 +03:00
package/python3: security bump to version 3.8.4
Fixes the following security issues:
- bpo-41162: Audit hooks are now cleared later during finalization to avoid
missing events.
- bpo-29778: Ensure python3.dll is loaded from correct locations when Python
is embedded (CVE-2020-15523).
- bpo-41004: The __hash__() methods of ipaddress.IPv4Interface and
ipaddress.IPv6Interface incorrectly generated constant hash values of 32
and 128 respectively. This resulted in always causing hash collisions.
The fix uses hash() to generate hash values for the tuple of (address,
mask length, network address).
- bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to
guard against header injection attacks.
For more details, see the changelog:
https://docs.python.org/release/3.8.4/whatsnew/changelog.html#security
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d6ff343d67)
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Adam Duskett
committed by
Peter Korsgaard
Peter Korsgaard
parent
e39c1d13c1
commit
87b8b6f54e
@@ -5,7 +5,7 @@
|
||||
################################################################################
|
||||
|
||||
PYTHON3_VERSION_MAJOR = 3.8
|
||||
PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).3
|
||||
PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).4
|
||||
PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz
|
||||
PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION)
|
||||
PYTHON3_LICENSE = Python-2.0, others
|
||||
|
||||
Reference in New Issue
Block a user