* [Buildroot] [git commit] package/python3: security bump to version 3.11.8
@ 2024-02-28 18:09 Peter Korsgaard
2024-03-18 11:44 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Peter Korsgaard @ 2024-02-28 18:09 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=c7b52c3ccf4828cd848b6a98206dbe712f84e49b
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes the following security issue:
gh-113659: Skip .pth files with names starting with a dot or hidden file
attribute
https://github.com/python/cpython/issues/113659
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/python3/python3.hash | 6 +++---
package/python3/python3.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python3/python3.hash b/package/python3/python3.hash
index 39a16c1f71..962d32b5d9 100644
--- a/package/python3/python3.hash
+++ b/package/python3/python3.hash
@@ -1,5 +1,5 @@
-# From https://www.python.org/downloads/release/python-3116/
-md5 d0c5a1a31efe879723e51addf56dd206 Python-3.11.6.tar.xz
+# From https://www.python.org/downloads/release/python-3118/
+md5 b353b8433e560e1af2b130f56dfbd973 Python-3.11.8.tar.xz
# Locally computed
-sha256 0fab78fa7f133f4f38210c6260d90d7c0d5c7198446419ce057ec7ac2e6f5f38 Python-3.11.6.tar.xz
+sha256 9e06008c8901924395bc1da303eac567a729ae012baa182ab39269f650383bb3 Python-3.11.8.tar.xz
sha256 3b2f81fe21d181c499c59a256c8e1968455d6689d269aa85373bfb6af41da3bf LICENSE
diff --git a/package/python3/python3.mk b/package/python3/python3.mk
index 7a704d81e0..5d9d77af50 100644
--- a/package/python3/python3.mk
+++ b/package/python3/python3.mk
@@ -5,7 +5,7 @@
################################################################################
PYTHON3_VERSION_MAJOR = 3.11
-PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).6
+PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).8
PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz
PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION)
PYTHON3_LICENSE = Python-2.0, others
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [git commit] package/python3: security bump to version 3.11.8
2024-02-28 18:09 [Buildroot] [git commit] package/python3: security bump to version 3.11.8 Peter Korsgaard
@ 2024-03-18 11:44 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2024-03-18 11:44 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> commit: https://git.buildroot.net/buildroot/commit/?id=c7b52c3ccf4828cd848b6a98206dbe712f84e49b
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> Fixes the following security issue:
> gh-113659: Skip .pth files with names starting with a dot or hidden file
> attribute
> https://github.com/python/cpython/issues/113659
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2023.02.x and 2023.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-03-18 11:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-28 18:09 [Buildroot] [git commit] package/python3: security bump to version 3.11.8 Peter Korsgaard
2024-03-18 11:44 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox