Pick patch for this CVE merged into 3.10 branch.
(From OE-Core rev: 8888cd14eb102574d530b6c683ce5beaad1aaa39)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Pick patch from 3.12 branch per NVD report.
(From OE-Core rev: cfbac1d5edae4b0204ec4c01b5f710d100ceb2ad)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment variables.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6075
Upstream-patch:
892747b4cf
(From OE-Core rev: 9a7f33d85355ffbe382aa175c04c64541e77b441)
Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Drop upstreamed patch and refresh remaining patches.
Release information:
* https://www.python.org/downloads/release/python-31019/
* The release you're looking at is Python 3.10.19, a security bugfix
release for the legacy 3.10 series.
Handles CVE-2025-59375, CVE-2025-47273 and CVE-2024-6345.
(From OE-Core rev: 9b3dbd691f6ebdbdfe88cef3d3a676ddd1399c63)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
