factory
- Update to 1.1.3 (fixes CVE-2026-23879 (bsc#1268669),
CVE-2026-55195 (bsc#1268665), CVE-2026-55206 (bsc#1268666))
* CVE-2026-23879: Arbitrary File Write Vulnerability in py7zr (high severity)
- Harden check of path traversal and enhance test cases to reproduce many
attack scenarios.
* CVE-2026-55206: O(n^2) algorithmic complexity DoS in PackInfo._read() in
py7zr
- Enforced variation of the parameter with a limit and optimized
calculation algorithm to prevent excessive CPU consumption.
* CVE-2026-55195: py7zr <= 1.1.2: Decompression bomb (zip bomb) denial of
service via unchecked extraction size
- Added check of extraction size and introduced max_extract_size as
constructor parameter to guard against excessive decompression.
OBS-URL: https://build.opensuse.org/request/show/1361284
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-py7zr?expand=0&rev=12
Description
No description provided
Languages
RPM Spec
100%