Fix changes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=97
This commit is contained in:
Git OBS Bridge
parent
24b222e77c
commit
4c4727d238
@ -9,7 +9,8 @@ Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
|||||||
fixed previously in 1.1.1t (gh-101727).
|
fixed previously in 1.1.1t (gh-101727).
|
||||||
- gh-102153: urllib.parse.urlsplit() now strips leading C0
|
- gh-102153: urllib.parse.urlsplit() now strips leading C0
|
||||||
control and space characters following the specification for
|
control and space characters following the specification for
|
||||||
URLs defined by WHATWG in response to CVE-2023-24329.
|
URLs defined by WHATWG in response to CVE-2023-24329
|
||||||
|
(bsc#1208471).
|
||||||
- gh-99889: Fixed a security in flaw in uu.decode() that could
|
- gh-99889: Fixed a security in flaw in uu.decode() that could
|
||||||
allow for directory traversal based on the input if no
|
allow for directory traversal based on the input if no
|
||||||
out_file was specified.
|
out_file was specified.
|
||||||
@ -22,7 +23,8 @@ Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
|||||||
shutil.unpack_archive(), have a new filter argument that
|
shutil.unpack_archive(), have a new filter argument that
|
||||||
allows limiting tar features than may be surprising or
|
allows limiting tar features than may be surprising or
|
||||||
dangerous, such as creating files outside the destination
|
dangerous, such as creating files outside the destination
|
||||||
directory. See Extraction filters for details.
|
directory. See Extraction filters for details (fixing
|
||||||
|
CVE-2007-4559, bsc#1203750).
|
||||||
- Remove upstreamed patches:
|
- Remove upstreamed patches:
|
||||||
- CVE-2023-24329-blank-URL-bypass.patch
|
- CVE-2023-24329-blank-URL-bypass.patch
|
||||||
- CVE-2007-4559-filter-tarfile_extractall.patch
|
- CVE-2007-4559-filter-tarfile_extractall.patch
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user