mbox series

[scarthgap,0/3] python3: fix CVE-2026-11940, CVE-2026-11972 and CVE-2026-9669

Message ID 20260706-fix-cves-python-scarthgap-v1-0-8d51db14f7ac@bootlin.com
Headers show
Series python3: fix CVE-2026-11940, CVE-2026-11972 and CVE-2026-9669 | expand

Message

Benjamin Robin (Schneider Electric) July 6, 2026, 11:01 a.m. UTC
This series fix the following CVEs:
 - CVE-2026-11940
 - CVE-2026-11972
 - CVE-2026-9669

On master and wrynose the CVE-2026-9669 patch is not necessary since it is
already included in 3.14.6

Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
---
Benjamin Robin (Schneider Electric) (3):
      python3: fix CVE-2026-11940
      python3: fix CVE-2026-11972
      python3: fix CVE-2026-9669

 .../python/python3/CVE-2026-11940.patch            | 66 +++++++++++++++
 .../python/python3/CVE-2026-11972.patch            | 58 +++++++++++++
 .../python/python3/CVE-2026-9669.patch             | 97 ++++++++++++++++++++++
 meta/recipes-devtools/python/python3_3.12.13.bb    |  3 +
 4 files changed, 224 insertions(+)
---
base-commit: 2814f0962f56c8d1afa4de76d2895ba9b5cb767d
change-id: 20260706-fix-cves-python-scarthgap-76eb4e1f3d78

Best regards,
--  
Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>