meta-openembedded

helium-3rd-party/meta-openembedded

Fork 0

mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-10 10:00:04 +00:00

Commit Graph

Author	SHA1	Message	Date
Gyorgy Sarvari	90d7c90075	python3-nltk: upgrade 3.9.3 -> 3.9.4 Changes: * Support Python 3.14 * Fix bug in Levenshtein distance when substitution_cost > 2 * Fix bug in Treebank detokeniser re quote ordering * Fix bug in Jaro similarity for empty strings * Several security enhancements * Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder * Implement TextTiling vocabulary introduction method (Hearst 1997) * Fix ALINE feature matrix errors and add comprehensive tests * Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids * Let downloader fallback to md5 when sha256 is unavailable * Several other minor bugfixes and code cleanups Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>	2026-04-01 13:16:41 -07:00
Gyorgy Sarvari	001d503fe7	python3-nltk: mark CVE-2026-0846 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0846 It has been fixed in version 3.9.3, however NVD tracks it without CPE/version info. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-03-18 14:33:28 -07:00
Gyorgy Sarvari	14d464c150	python3-nltk: upgrade 3.9.2 -> 3.9.3 Contains fix for CVE-2026-14009. Changelog: * Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader * Block path traversal/arbitrary reads in nltk.data for protocol-less refs * Block path traversal/abs paths in corpus readers and FS pointers * Validate external StanfordSegmenter JARs using SHA256 * Add optional sandbox enforcement for filestring() * Maintenance: downloader/zipped models, CI/tooling updates Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2026-02-24 22:30:31 -08:00

Author

SHA1

Message

Date

Gyorgy Sarvari

90d7c90075

python3-nltk: upgrade 3.9.3 -> 3.9.4

Changes:

* Support Python 3.14
* Fix bug in Levenshtein distance when substitution_cost > 2
* Fix bug in Treebank detokeniser re quote ordering
* Fix bug in Jaro similarity for empty strings
* Several security enhancements
* Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder
* Implement TextTiling vocabulary introduction method (Hearst 1997)
* Fix ALINE feature matrix errors and add comprehensive tests
* Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids
* Let downloader fallback to md5 when sha256 is unavailable
* Several other minor bugfixes and code cleanups

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>

2026-04-01 13:16:41 -07:00

Gyorgy Sarvari

001d503fe7

python3-nltk: mark CVE-2026-0846 patched

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0846

It has been fixed in version 3.9.3, however NVD tracks it
without CPE/version info.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

2026-03-18 14:33:28 -07:00

Gyorgy Sarvari

14d464c150

python3-nltk: upgrade 3.9.2 -> 3.9.3

Contains fix for CVE-2026-14009.

Changelog:
* Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader
* Block path traversal/arbitrary reads in nltk.data for protocol-less refs
* Block path traversal/abs paths in corpus readers and FS pointers
* Validate external StanfordSegmenter JARs using SHA256
* Add optional sandbox enforcement for filestring()
* Maintenance: downloader/zipped models, CI/tooling updates

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

2026-02-24 22:30:31 -08:00

3 Commits