Opened 2 years ago
Closed 2 years ago
#5177 closed enhancement (fixed)
python3-3.11.1
Reported by: | Bruce Dubbs | Owned by: | lfs-book |
---|---|---|---|
Priority: | high | Milestone: | 11.3 |
Component: | Book | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (5)
comment:1 by , 2 years ago
Priority: | normal → high |
---|
comment:2 by , 2 years ago
Release notes are at https://docs.python.org/3/whatsnew/3.11.html
Version 0, edited 2 years ago by (next)
comment:3 by , 2 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed at commit c9aabf13a1e8e1fb57688a7dea2f2ca2f1a9e1ab
Ensure a gawk hard link is updated in Chapter 8. Update to iana-etc-20221209. Update to vim-9.0.1060. Update to iproute2-6.1.0. Update to xz-5.4.0. Update to bash-5.2.15. Update to psmisc-23.6. Update to mpc-1.3.0. Update to python3-3.11.1. Update to procps-ng-4.0.2.
comment:4 by , 2 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
Security fixes: (note that the consolidated changelog is for all 3.11 releases and pre-releases.
gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printing. gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc module gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name. gh-98739: Update bundled libexpat to 2.5.0 gh-97612: Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner.
gh-98433 is CVE-2022-4561, rated High
That is also fixed in Python-3.10.9 for people sticking to the 3.10 series to avoid rebuilding all the installed modules.
Note:
See TracTickets
for help on using tickets.
5 security fixes