From: Paul Barker <paul@pbarker.dev>
To: yoann.congal@smile.fr, openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][kirkstone 08/18] python3: Fix CVE-2025-15282
Date: Mon, 06 Apr 2026 10:09:50 +0100 [thread overview]
Message-ID: <053f62bc5f48a7ef16d955982e64adecf35714be.camel@pbarker.dev> (raw)
In-Reply-To: <c19d97a63c2b9b145a0370a961cbfef90b450010.1775435063.git.yoann.congal@smile.fr>
[-- Attachment #1: Type: text/plain, Size: 675 bytes --]
On Mon, 2026-04-06 at 08:26 +0200, Yoann Congal via
lists.openembedded.org wrote:
> From: Vijay Anusuri <vanusuri@mvista.com>
>
> Pick patch from 3.10 branch
>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2025-15282
> [2] https://security-tracker.debian.org/tracker/CVE-2025-15282
>
> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
The fix for this issue (referred to as gh-143925 upstream) looks to be
part of Python 3.10.20 [1]. Should we take a final Python stable update
instead of this patch?
[1]: https://www.python.org/downloads/release/python-31020/
Best regards,
--
Paul Barker
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 252 bytes --]
next prev parent reply other threads:[~2026-04-06 9:10 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-06 6:26 [OE-core][kirkstone 00/18] Patch review Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 01/18] linux-yocto/5.15: update to v5.15.200 Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 02/18] linux-yocto/5.15: update to v5.15.201 Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 03/18] create-pull-request: Keep commit hash to be pulled in cover email Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 04/18] README.OE-Core: update contributor links and add kirkstone prefix Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 05/18] libtheora: mark CVE-2024-56431 as not vulnerable yet Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 06/18] tzdata,tzcode-native: Upgrade 2025b -> 2025c Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 07/18] tzdata/tzcode-native: upgrade 2025c -> 2026a Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 08/18] python3: Fix CVE-2025-15282 Yoann Congal
2026-04-06 9:09 ` Paul Barker [this message]
2026-04-06 11:44 ` Vijay Anusuri
2026-04-06 11:59 ` Paul Barker
2026-04-06 12:27 ` Vijay Anusuri
2026-04-06 6:26 ` [OE-core][kirkstone 09/18] python3-pyopenssl: Fix CVE-2026-27448 Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 10/18] python3-pyopenssl: Fix CVE-2026-27459 Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 11/18] libarchive: Fix CVE-2026-4111 Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 12/18] vim: Fix CVE-2026-33412 Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 13/18] sqlite3: Fix CVE-2025-70873 Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 14/18] curl: patch CVE-2025-14524 Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 15/18] curl: patch CVE-2026-1965 Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 16/18] curl: patch CVE-2026-3783 Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 17/18] curl: patch CVE-2026-3784 Yoann Congal
2026-04-06 6:26 ` [OE-core][kirkstone 18/18] scripts/install-buildtools: Update to 4.0.34 Yoann Congal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=053f62bc5f48a7ef16d955982e64adecf35714be.camel@pbarker.dev \
--to=paul@pbarker.dev \
--cc=openembedded-core@lists.openembedded.org \
--cc=yoann.congal@smile.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox