Security fix for CVE-2025-12084

2026-01-14 07:09:06 +01:00 · 2026-01-14 07:09:06 +01:00 · f82d8070ea
commit f82d8070ea
parent 300b96687a
2 changed files with 151 additions and 1 deletions
--- a/python3.9.spec
+++ b/python3.9.spec
@ -17,7 +17,7 @@ URL: https://www.python.org/
 #global prerel ...
 %global upstream_version %{general_version}%{?prerel}
 Version: %{general_version}%{?prerel:~%{prerel}}
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Python


@ -403,6 +403,13 @@ Patch407: 00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-fo
 # even when cross-compiling.
 Patch452: 00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch

+# 00471 # fc5f344f7e15c13dbf41824a1b7a82d92205f79d
+# CVE-2025-12084
+#
+# * gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146)
+# * gh-142754: Ensure that Element & Attr instances have the ownerDocument attribute (GH-142794)
+Patch471: 00471-cve-2025-12084.patch
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -1892,6 +1899,9 @@ CheckPython optimized
 # ======================================================

 %changelog
+* Wed Jan 14 2026 Lumír Balhar <lbalhar@redhat.com> - 3.9.25-3
+- Security fix for CVE-2025-12084
+
 * Mon Nov 10 2025 Tomas Orsava <torsava@redhat.com> - 3.9.25-2
 - Move _sysconfigdata_d_linux*.py to the debug subpackage