Accepted python3.7 3.7.3-2+deb10u6 (source) into oldoldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted python3.7 3.7.3-2+deb10u6 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 11 Oct 2023 19:00:18 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: python3.7_3.7.3-2+deb10u6_source.changes
- Debian-source: python3.7
- Debian-suite: oldoldstable
- Debian-version: 3.7.3-2+deb10u6
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=4S0+p7KRYF9xJHmB/X1bns8rqMwEceJCW0JS873W06w=; b=CwP7TWbQgo4G9CjA+/g6qNuxeH xyqXGvpEosrGYTypxsPG/2lmLHOvsN/+zE9tgzGNNSW+fhqbFvlejnoY0sXPqfSztXcxy/ZQ68qPZ x+wsK+6Df5mg8M3kgr5U+yYXqwrCKZbkXMmkzCUH7aWUbQxflDe7bWh6ue0FLO3yWrPu7lmKWqXIn tNiYmsFYh7d0GU9wopRqIKWOOK7e2fljLh5F0Cq+nxeIxM4tfjNFHKNfWBF5Thkq6tnFkP8wqouIa 8v52oEC/jtzAhzSeLMbE/gOadrBeQ3UzgiDIVL0MrPKR7gKX6VU1WekipIsqxHRhxkWqnKvj9Kj2a eDCmCDUw==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qqeRO-00BhsN-51@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 11 Oct 2023 10:51:27 +0100
Source: python3.7
Architecture: source
Version: 3.7.3-2+deb10u6
Distribution: buster-security
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Sean Whitton <spwhitton@spwhitton.name>
Changes:
python3.7 (3.7.3-2+deb10u6) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2022-48560: Use-after-free via heappushpop in heapq.
* CVE-2022-48564: Potential DoS in read_ints in plistlib.py.
* CVE-2022-48565: Avoid XML External Entity (XXE) issues by rejecting
entity declarations in XML plist files in plistlib.
* CVE-2022-48566: Avoid some possible constant-time-defeating compiler
optimisations in the accumulator variable in hmac.compare_digest.
* CVE-2023-40217: Fix possible bypass of some of the protections
implemented by the TLS handshake in ssl.SSLSocket class.
- Also apply two upstream commits to stabilise the test suite.
Checksums-Sha1:
42450647dc2c0672b05b6bd8c16808430a5adb15 3441 python3.7_3.7.3-2+deb10u6.dsc
a57b7d218ecf0499f7637d976ebb7ca9bff4f6be 249688 python3.7_3.7.3-2+deb10u6.debian.tar.xz
51cb58f11820d3d85fb27bb0cb9a5b98ac36eb35 8707 python3.7_3.7.3-2+deb10u6_source.buildinfo
Checksums-Sha256:
c4135134f704d53eba2c9a5c707268c259ef8631946797d53c8b0070335eb72c 3441 python3.7_3.7.3-2+deb10u6.dsc
b4451d2bb09ee7c07cd82ea0366aecf7f6b73da3ddd6fa263c3ba0437b6c7348 249688 python3.7_3.7.3-2+deb10u6.debian.tar.xz
d3fffa7b967c6604777bf90dbc4703f93d414146110cc332c57d4744bf356b9b 8707 python3.7_3.7.3-2+deb10u6_source.buildinfo
Files:
2a87f4a0a696fc9511f7756350442f0c 3441 python optional python3.7_3.7.3-2+deb10u6.dsc
fe14e390737aa8fbf98d8221b31797e1 249688 python optional python3.7_3.7.3-2+deb10u6.debian.tar.xz
4bce65bb543317462b02d5d78b5b8815 8707 python optional python3.7_3.7.3-2+deb10u6_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmUm7Q8ZHHNwd2hpdHRv
bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQLJhD/wIRCtW/OnaMcLYbi5iKl9T
2q2onPkhbHwx8GnbneoowPqBYk5ePuY/+sSgmZ3MVn+Sk55NooNUK3mlxuyav72R
xAXRMlNr5k3a+zsUBt+f6/Yrjs2Fq2x+6Y0Z9AYcVoqGeHdhGg1eGBjbAEGaGqG+
jUHGL1uU++QDlAZ8/+s+tA6E/suZ9LJSL+M6A9/YnL9QAPUgeeAuJtkx5DuKiNb+
DPNgGrw5T5HmmIU+zFMM7rFFYF/oDLkuq9LXONabSxRO2+Vn/9E34xIjAbGUjRZd
xSmSW8nvwC2LoE55aG7gBnaF8LYkusEv6gYTUKbb3W7pJCgS6Fe2bVnwjk5O2Vk4
0AzM5UKxOK0sEqs/X3/PZADy4JjHz3f/7gCw7dVYCJx1NCP4+X+/pVYJzjsj0Npl
c29IzwrZrrYHecmPHczS+sIlxfCqhStjZUgKDgejPVdUfkqW4k1hagSOsDwoDO9B
ZVCYF7u51TSSqlS1GeHx9OS4vDzXqYJPNQsWw/RULOFIW4uuJDSydIElHFYskA71
aXjCvyxj8KrA7qrbH4kdF6RK1NgLOHeY/QOjzBcA02v49XoQXRboMEYYYpQ7HK0N
6APp7s0DANR0T3Qpn3lG+ZqsmJt1KKoSEFTDV7J5JLwtcLGm7KenWn32wZQDKwtz
CnDkx4kc9qlB0B8pd7G9rg==
=3cA1
-----END PGP SIGNATURE-----