Fix changes

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=97
2023-06-28 19:10:39 +00:00 · 2023-06-28 19:10:39 +00:00 · 4c4727d238
commit 4c4727d238
parent 24b222e77c
1 changed files with 4 additions and 2 deletions
--- a/python310.changes
+++ b/python310.changes
@ -9,7 +9,8 @@ Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl <mcepl@suse.com>
    fixed previously in 1.1.1t (gh-101727).
  - gh-102153: urllib.parse.urlsplit() now strips leading C0
    control and space characters following the specification for
-    URLs defined by WHATWG in response to CVE-2023-24329.
+    URLs defined by WHATWG in response to CVE-2023-24329
+    (bsc#1208471).
  - gh-99889: Fixed a security in flaw in uu.decode() that could
    allow for directory traversal based on the input if no
    out_file was specified.
@ -22,7 +23,8 @@ Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl <mcepl@suse.com>
    shutil.unpack_archive(), have a new filter argument that
    allows limiting tar features than may be surprising or
    dangerous, such as creating files outside the destination
-    directory. See Extraction filters for details.
+    directory. See Extraction filters for details (fixing
+    CVE-2007-4559, bsc#1203750).
 - Remove upstreamed patches:
  - CVE-2023-24329-blank-URL-bypass.patch
  - CVE-2007-4559-filter-tarfile_extractall.patch