Differential D57718

lang/python314: Backport two security fixes
Needs RevisionPublic
Actions

Authored by des on Sat, Jun 20, 8:08 PM.

Details

Reviewers

vishwin

Group Reviewers

Python

Summary

Backport patches for CVE-2025-15366 and CVE-2025-15367.

MFH: 2026Q2

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 74073
Build 70956: arc lint + arc unit

Event Timeline

des requested review of this revision.Sat, Jun 20, 8:08 PM

des created this revision.

Harbormaster completed remote builds in B74073: Diff 180202.Sat, Jun 20, 8:08 PM

These are intentionally omitted because upstream is still evaluating their functional correctness relative to the RFCs these modules implement, despite having committed in trunk.

This revision now requires changes to proceed.Sat, Jun 20, 8:56 PM

In D57718#1323218, @vishwin wrote:

These are intentionally omitted because upstream is still evaluating their functional correctness relative to the RFCs these modules implement, despite having committed in trunk.

That is not an accurate representation of the situation. Upstream has decided not to backport these patches not because they have doubts about their correctness but because they don't want to break backward compatibility on an existing release branch. We would not be the first redistributor to disagree with upstream and backport the patches; Red Hat for instance currently ships Python 3.12 with these patches backported.