Format: 1.8
Date: Wed, 11 Oct 2023 10:51:27 +0100
Source: python3.7
Architecture: source
Version: 3.7.3-2+deb10u6
Distribution: buster-security
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Sean Whitton <spwhitton@spwhitton.name>
Changes:
 python3.7 (3.7.3-2+deb10u6) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2022-48560: Use-after-free via heappushpop in heapq.
   * CVE-2022-48564: Potential DoS in read_ints in plistlib.py.
   * CVE-2022-48565: Avoid XML External Entity (XXE) issues by rejecting
     entity declarations in XML plist files in plistlib.
   * CVE-2022-48566: Avoid some possible constant-time-defeating compiler
     optimisations in the accumulator variable in hmac.compare_digest.
   * CVE-2023-40217: Fix possible bypass of some of the protections
     implemented by the TLS handshake in ssl.SSLSocket class.
     - Also apply two upstream commits to stabilise the test suite.