[SECURITY] Fedora 41 Update: python3.13-3.13.1-2.fc41

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-3c18fe0d93
2024-12-22 02:00:45.593936+00:00
--------------------------------------------------------------------------------

Name        : python3.13
Product     : Fedora 41
Version     : 3.13.1
Release     : 2.fc41
URL         : https://www.python.org/
Summary     : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

--------------------------------------------------------------------------------
Update Information:

This is the first maintenance release of Python 3.13
Python 3.13 is the newest major release of the Python programming language, and
it contains many new features and optimizations compared to Python 3.12. 3.13.1
is the latest maintenance release, containing almost 400 bugfixes, build
improvements and documentation changes since 3.13.0.
Security content in this release
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the
mapped IPv4 address value for deciding properties. Properties which have their
behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation
scripts.
gh-125140: Remove the current directory from sys.path when using PyREPL.
CVE-2024-12254: Unbounded memory buffering in
SelectorSocketTransport.writelines() fixed.
libdnf and libcomps fixes
Fix segfaults in iterators (Python 3.13.1 made this crash happen in regular
usage)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  9 2024 Miro HronÄ?ok <mhroncok@xxxxxxxxxx> - 3.13.1-2
- Security fix for CVE-2024-12254
- Fixes: rhbz#2330927
* Tue Dec  3 2024 Charalampos Stratakis <cstratak@xxxxxxxxxx> - 3.13.1-1
- Update to 3.13.1
- Security fix for CVE-2024-9287
- Fixes: rhbz#2321657
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2321657 - CVE-2024-9287 python3.13: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2321657
  [ 2 ] Bug #2330562 - python3-libdnf segfaults when iterating over an iterator of a ConfigParser section
        https://bugzilla.redhat.com/show_bug.cgi?id=2330562
  [ 3 ] Bug #2330927 - CVE-2024-12254 python3.13: Unbounded memory buffering in SelectorSocketTransport.writelines() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2330927
  [ 4 ] Bug #2331665 - libcomps segfaults when iterating over and iterator from an iterator
        https://bugzilla.redhat.com/show_bug.cgi?id=2331665
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-3c18fe0d93' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Index of Archives]     [Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]

  Powered by Linux