Update python/cpython from 3.9.18 to 3.9.19
The following dependencies have been updated by deps:
-
python/cpython
from 3.9.18 to 3.9.19
Release Notes
- gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0 to address CVE-2023-52425, and control of the new reparse deferral functionality was exposed with new APIs
- gh-109858:
zipfile
is now protected from the “quoted-overlap” zipbomb to address CVE-2024-0450. It now raisesBadZipFile
when attempting to read an entry that overlaps with another entry or central directory - gh-91133:
tempfile.TemporaryDirectory
cleanup no longer dereferences symlinks when working around file system permission errors to address CVE-2023-6597 - gh-115197:
urllib.request
no longer resolves the hostname before checking it against the system’s proxy bypass list on macOS and Windows - gh-81194: a crash in s
ocket.if_indextoname()
with a specific value (UINT_MAX
) was fixed. Relatedly, an integer overflow insocket.if_indextoname()
on 64-bit non-Windows platforms was fixed - gh-113659:
.pth
files with names starting with a dot or containing the hidden file attribute are now skipped - gh-102388:
iso2022_jp_3
andiso2022_jp_2004
codecs no longer read out of bounds
Edited by Clemens Beck