pool/python39
SHA256
9
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1288602 from devel:languages:python:Factory

Browse Source 
Also addresses CVE-2025-4435 (gh#135034, bsc#1244061).

OBS-URL: https://build.opensuse.org/request/show/1288602
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python39?expand=0&rev=77
This commit is contained in:
Ana Guerrero
2025-06-26 09:38:14 +00:00
committed by Git OBS Bridge
parent c2915d540e fe8dd13261
commit fb0f2c0f89
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python39.changes
View File

@@ -4,11 +4,12 @@ Mon Jun 9 16:14:05 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
- Update to 3.9.23:
- Security
- gh-135034: Fixes multiple issues that allowed tarfile
extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
extraction filters (filter="data" and filter="tar")
to be bypassed using crafted symlinks and hard links.
Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
(bsc#1244059), CVE-2025-4330 (bsc#1244060), and
CVE-2025-4517 (bsc#1244032).
CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435
(gh#135034, bsc#1244061).
- gh-133767: Fix use-after-free in the “unicode-escape”
decoder with a non-“strict” error handler (CVE-2025-4516,
bsc#1243273).