From the upstream list, these seem applicable to our current releases: 3.7 - 3.12: gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. 3.8 - 3.12: gh-87604 : Avoid publishing list of active per-interpreter audit hooks via the gc module. The remaining are either irrelevant (because we're not using bundled Expat) or were backported already.
Thanks for reporting!
Cleanup done.
Thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=665ec86173a28118d28182d8381d593988f1adac commit 665ec86173a28118d28182d8381d593988f1adac Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-04 05:59:08 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-04 06:00:31 +0000 [ GLSA 202405-01 ] Python, PyPy3: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/884653 Bug: https://bugs.gentoo.org/897958 Bug: https://bugs.gentoo.org/908018 Bug: https://bugs.gentoo.org/912976 Bug: https://bugs.gentoo.org/919475 Bug: https://bugs.gentoo.org/927299 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-01.xml | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+)