PT-2025-54912 · Opensuse · Python39+2

Published

2025-12-17

·

Updated

2025-12-17

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
This update for python39 fixes the following issues:
  • Update to 3.9.25:
  • Security
    • gh-137836: Add support of the “plaintext” element, RAWTEXT elements “xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT element “noscript” in html.parser.HTMLParser.
    • gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bénédikt Tran.
  • Library
    • gh-98793: Fix argument typechecks in overlapped.WSAConnect() and overlapped.Overlapped.WSASendTo() functions. bpo-44817: Ignore WinError 53 (ERROR BAD NETPATH), 65 (ERROR NETWORK ACCESS DENIED) and 161 (ERROR BAD PATHNAME) when using ntpath.realpath().
  • Core and Builtins
    • gh-120384: Fix an array out of bounds crash in list ass subscript, which could be invoked via some specificly tailored input: including concurrent modification of a list object, where one thread assigns a slice and another clears it.
    • gh-120298: Fix use-after free in list richcompare impl which can be invoked via some specificly tailored evil input.
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

SUSE-SU-2025:4433-1

Affected Products

Python39
Python39-Core
Python39-Documentation