mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-06 18:09:44 +03:00
fbe6c566a9
Fixes the following security issues:
- bpo-40121: Fixes audit events raised on creating a new socket
- bpo-38576: Disallow control characters in hostnames in http.client,
addressing CVE-2019-18348. Such potentially malicious header injection
URLs now cause a InvalidURL to be raised.
- bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the
urllib.request module uses an inefficient regular expression which can be
exploited by an attacker to cause a denial of service. Fix the regex to
prevent the catastrophic backtracking. Vulnerability reported by Ben
Caller and Matt Schwager.
For more details, see the changelog:
https://docs.python.org/release/3.8.3/whatsnew/changelog.html#security
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5ff01eb31f)
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 lines
314 B
Plaintext
6 lines
314 B
Plaintext
# From https://www.python.org/downloads/release/python-383/
|
|
md5 3000cf50aaa413052aef82fd2122ca78 Python-3.8.3.tar.xz
|
|
# Locally computed
|
|
sha256 dfab5ec723c218082fe3d5d7ae17ecbdebffa9a1aea4d64aa3a2ecdd2e795864 Python-3.8.3.tar.xz
|
|
sha256 de4d1f2d2ad5ad0cfd1657a106476b31cb5db5ef9d1ff842b237c0c81f0c8a23 LICENSE
|