Skip to content

Update python/cpython from 3.9.18 to 3.9.19

Ghost User requested to merge deps/8260260-38bab3d into master

The following dependencies have been updated by deps:

  • python/cpython from 3.9.18 to 3.9.19

Release Notes

  • gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0 to address CVE-2023-52425, and control of the new reparse deferral functionality was exposed with new APIs
  • gh-109858: zipfile is now protected from the “quoted-overlap” zipbomb to address CVE-2024-0450. It now raises BadZipFile when attempting to read an entry that overlaps with another entry or central directory
  • gh-91133: tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when working around file system permission errors to address CVE-2023-6597
  • gh-115197: urllib.request no longer resolves the hostname before checking it against the system’s proxy bypass list on macOS and Windows
  • gh-81194: a crash in socket.if_indextoname() with a specific value (UINT_MAX) was fixed. Relatedly, an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms was fixed
  • gh-113659: .pth files with names starting with a dot or containing the hidden file attribute are now skipped
  • gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer read out of bounds

https://www.python.org/downloads/release/python-3919/

Edited by Clemens Beck

Merge request reports