os

os copied to clipboard

Reame
Issues

python-3.12, python-3.13: Apply CVE-2025-4516 patch

Open dakaneye opened this issue 7 months ago • 0 comments

Summary

Fix use-after-free vulnerability in the unicode-escape decoder with non-strict error handlers.

Details

CVE: CVE-2025-4516
Severity: Medium
Issue: Use-after-free crash when using bytes.decode("unicode_escape", error="ignore|replace")

Changes

Add CVE-2025-4516.patch from upstream merged PRs
- Python 3.12: PR #134337
- Python 3.13: PR #133944
Increment epoch to 2 for both packages

Status

✅ Python 3.12: Upstream patch merged and applied
✅ Python 3.13: Upstream patch merged and applied
⏳ Python 3.9, 3.10, 3.11: Waiting for upstream PRs to be merged

Testing

CI will validate that:

Patches apply cleanly
Packages build successfully
Tests pass

References

CVE-2025-4516 Details
Security Advisory
Related to: chainguard-dev/internal-dev#12589

May 28 '25 23:05 dakaneye