go-discover/0_git20251120 package update #72445

Merged
AmberArcadia merged 1 commit into main from staging-update-bot/go-discover.yaml
Nov 20, 2025

@octo-sts (Bot) commented Nov 20, 2025

Commit: 86c864382c680d837485349990a0be2d0d4dcd00

@octo-sts (Bot) added labels Nov 20, 2025:
- automated pr
- go-discover
- request-version-update: request for a newer version of a package
- P1: This label indicates our scanning found High, Medium or Low CVEs for these packages.
- bincapz/pass: Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.
- auto-approver-bot/initial-checks-failed
- auto-approver-bot/initial-checks-missing

@AmberArcadia self-assigned this Nov 20, 2025
@AmberArcadia merged commit 3df40d5 into main Nov 20, 2025
26 of 27 checks passed
@AmberArcadia deleted the staging-update-bot/go-discover.yaml branch November 20, 2025 18:53
octo-sts-6 Bot pushed a commit that referenced this pull request Apr 23, 2026
- **CVE-2026-6100** (Critical, CVSS 9.1) — Use-after-free in `lzma.LZMADecompressor`,
    `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a decompressor instance is re-used
    after MemoryError. Cherry-pick of commit `6a5f79c8` from the 3.14 branch.
    - GHSA: GHSA-pg25-7cx5-cvcm
    - Upstream: python/cpython#148480

- **CVE-2026-1502** (Medium) — CR/LF bytes not rejected in HTTP client proxy tunnel
    headers. Cherry-pick of commit `b1cf9016` from the 3.14 branch.
    - GHSA: GHSA-hjxq-7w9q-2jw6
    - Upstream: python/cpython#148342

- **CVE-2026-4786** (High) — Incomplete mitigation of CVE-2026-4519; `%action`
    substitution bypass of dash-prefix check in `webbrowser`. Cherry-pick of commit
    `d22922c8` from main (3.14 backport PR #148516 is open and mergeable; identical
    file changes verified).
    - GHSA: GHSA-cccx-m78h-m3xw
    - Upstream: python/cpython#148170

Signed-off-by: Brian Carey <brian.carey@chainguard.dev>

Export:  edefd2a320a9e3d0ed5d7eb99a5b6f5c35bcb7fc
Labels

- auto-approver-bot/initial-checks-failed
- auto-approver-bot/initial-checks-missing
- automated pr
- bincapz/pass: Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.
- go-discover
- manual/review-needed
- P1: This label indicates our scanning found High, Medium or Low CVEs for these packages.
- request-version-update: request for a newer version of a package
- staging-approver-bot/manual-review-needed

2 participants