Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 929045

Summary: <dev-lang/python-{3.11.9,3.12.3}, <dev-python/pypy3_{9,10}-7.3.16: concurrency issues in collections.deque.index() and certificate store access in ssl module
Product: Gentoo Security Reporter: Michał Górny <mgorny>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://docs.python.org/release/3.11.9/whatsnew/changelog.html#security
Whiteboard: A3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 929046, 929047, 929048, 929049, 929050, 930591    
Bug Blocks:    

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-04-10 08:38:50 UTC
Relevant bits from the ChangeLog of 3.11.9 (also applies to other versions):

gh-115243: Fix possible crashes in collections.deque.index() when the deque is concurrently modified.

gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-05-04 07:11:11 UTC
cleanup done.