929045 – <dev-lang/python-{3.11.9,3.12.3}, <dev-python/pypy3_{9,10}-7.3.16: concurrency issues in collections.deque.index() and certificate store access in ssl module

Bug 929045 - <dev-lang/python-{3.11.9,3.12.3}, <dev-python/pypy3_{9,10}-7.3.16: concurrency issues in collections.deque.index() and certificate store access in ssl module

Summary: <dev-lang/python-{3.11.9,3.12.3}, <dev-python/pypy3_{9,10}-7.3.16: concurrenc...

Status:	CONFIRMED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://docs.python.org/release/3.11....
Whiteboard:	A3 [glsa?]
Keywords:

Depends on:	929046 929047 929048 929049 929050 930591
Blocks:
	Show dependency tree

Reported:	2024-04-10 08:38 UTC by Michał Górny
Modified:	2024-05-04 07:22 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michał Górny archtester

2024-04-10 08:38:50 UTC

Relevant bits from the ChangeLog of 3.11.9 (also applies to other versions):

gh-115243: Fix possible crashes in collections.deque.index() when the deque is concurrently modified.

gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.

Comment 1 Michał Górny archtester

2024-05-04 07:11:11 UTC

cleanup done.