Differential D57717

lang/python313: Backport two security fixes
Needs RevisionPublic
Actions

Authored by des on Sat, Jun 20, 8:08 PM.

Details

Reviewers

vishwin

Group Reviewers

Python

Summary

Backport patches for CVE-2025-15366 and CVE-2025-15367.

MFH: 2026Q2

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 74072
Build 70955: arc lint + arc unit

Event Timeline

des requested review of this revision.Sat, Jun 20, 8:08 PM

des created this revision.

Harbormaster completed remote builds in B74072: Diff 180201.Sat, Jun 20, 8:08 PM

This is intentionally omitted because upstream is still evaluating its functional correctness relative to the RFC this module implements, despite having committed in trunk.

This revision now requires changes to proceed.Sat, Jun 20, 8:55 PM

In D57717#1323214, @vishwin wrote:

This is intentionally omitted because upstream is still evaluating its functional correctness relative to the RFC this module implements, despite having committed in trunk.

That is not an accurate representation of the situation. Upstream has decided not to backport these patches not because they have doubts about their correctness but because they don't want to break backward compatibility on an existing release branch. We would not be the first redistributor to disagree with upstream and backport the patches; Red Hat for instance currently ships Python 3.12 with these patches backported.