anag_factory 1822ce3742 Accepting request 1361284 from devel:languages:python
- Update to 1.1.3 (fixes CVE-2026-23879 (bsc#1268669),
  CVE-2026-55195 (bsc#1268665), CVE-2026-55206 (bsc#1268666))
  * CVE-2026-23879: Arbitrary File Write Vulnerability in py7zr (high severity)
    - Harden check of path traversal and enhance test cases to reproduce many
      attack scenarios.
  * CVE-2026-55206: O(n^2) algorithmic complexity DoS in PackInfo._read() in
    py7zr
    - Enforced variation of the parameter with a limit and optimized
      calculation algorithm to prevent excessive CPU consumption.
  * CVE-2026-55195: py7zr <= 1.1.2: Decompression bomb (zip bomb) denial of
    service via unchecked extraction size 
    - Added check of extraction size and introduced max_extract_size as
      constructor parameter to guard against excessive decompression.

OBS-URL: https://build.opensuse.org/request/show/1361284
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-py7zr?expand=0&rev=12
2026-06-23 15:41:38 +00:00
S
Description
No description provided
88 KiB
Languages
RPM Spec 100%