From 7a3e3cf678910bbfc123b4bfd217f532368ae0c14cb711fadc6e2a513d651750 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 25 Jun 2025 19:49:10 +0000 Subject: [PATCH] Also addresses CVE-2025-4435 (gh#135034, bsc#1244061). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=185 --- python311.changes | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/python311.changes b/python311.changes index 35d93e5..4f823b9 100644 --- a/python311.changes +++ b/python311.changes @@ -4,11 +4,12 @@ Mon Jun 9 17:19:32 UTC 2025 - Matej Cepl - Update to 3.11.13: - Security - gh-135034: Fixes multiple issues that allowed tarfile - extraction filters (filter="data" and filter="tar") to be - bypassed using crafted symlinks and hard links. + extraction filters (filter="data" and filter="tar") + to be bypassed using crafted symlinks and hard links. Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 (bsc#1244059), CVE-2025-4330 (bsc#1244060), and - CVE-2025-4517 (bsc#1244032). + CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435 + (gh#135034, bsc#1244061). - gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler (CVE-2025-4516, bsc#1243273).
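Review bot: In the gh-135034 entry of python311.changes, the added sentence "Also addresses CVE-2025-4435 (gh#135034, bsc#1244061)" breaks the reference style used for the other four CVEs in the same paragraph, which each carry only a bsc# number in parentheses. The gh#135034 reference also repeats the issue id that already heads the entry. Consider folding the new CVE into the existing list, for example "CVE-2025-4330 (bsc#1244060), CVE-2025-4435 (bsc#1244061), and CVE-2025-4517 (bsc#1244032)", so the entry stays a single uniform list of CVE and bug pairs. Separately, the re-wrap that moves "to be" from the end of the filter="tar" line to the start of the next line is a whitespace-only change. It accounts for two of the three deleted lines and could be dropped, leaving the diff limited to the added CVE reference.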