- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix

bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter for tarfile.extractall". OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=64
2023-05-03 10:14:51 +00:00 · 2023-05-03 10:14:51 +00:00 · 39157872a5
commit 39157872a5
parent 7cfc036a7d
1 changed files with 3 additions and 3 deletions
--- a/python311.changes
+++ b/python311.changes
@ -5,6 +5,9 @@ Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl <mcepl@suse.com>
 - Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053).
 - Add skip_if_buildbot-extend.patch to avoid the bug altogether
  (extending what skip_if_buildbot covers).
+- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
+  bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter
+  for tarfile.extractall".

 -------------------------------------------------------------------
 Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl <mcepl@suse.com>
@ -15,9 +18,6 @@ Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl <mcepl@suse.com>
      and macOS binary release builds to 1.1.1t to address
      CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the
      OpenSSL 2023-02-07 security advisory.
-    - gh-101283: subprocess.Popen now uses a safer approach to
-      find cmd.exe when launching with shell=True. Patch by Eryk
-      Sun, based on a patch by Oleg Iarygin.
  - Core and Builtins
    - gh-101975: Fixed stacktop value on tracing entries to avoid
      corruption on garbage collection.