Also addresses CVE-2025-4435 (gh#135034, bsc#1244061).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=185
2025-06-25 19:49:10 +00:00
committed by Git OBS Bridge
parent 8c7cd4472c
commit 7a3e3cf678


@@ -4,11 +4,12 @@ Mon Jun 9 17:19:32 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
- Update to 3.11.13: - Update to 3.11.13:
- Security - Security
- gh-135034: Fixes multiple issues that allowed tarfile - gh-135034: Fixes multiple issues that allowed tarfile
extraction filters (filter="data" and filter="tar") to be extraction filters (filter="data" and filter="tar")
bypassed using crafted symlinks and hard links. to be bypassed using crafted symlinks and hard links.
Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
(bsc#1244059), CVE-2025-4330 (bsc#1244060), and (bsc#1244059), CVE-2025-4330 (bsc#1244060), and
CVE-2025-4517 (bsc#1244032). CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435
(gh#135034, bsc#1244061).
- gh-133767: Fix use-after-free in the “unicode-escape” - gh-133767: Fix use-after-free in the “unicode-escape”
decoder with a non-“strict” error handler (CVE-2025-4516, decoder with a non-“strict” error handler (CVE-2025-4516,
bsc#1243273). bsc#1243273).
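
Review bot: The new CVE reference in the gh-135034 bullet is tacked on as a separate sentence, "Also addresses CVE-2025-4435 (gh#135034, bsc#1244061)", which repeats the upstream issue already named at the start of the bullet and writes it as gh#135034 where the rest of the entry uses gh-135034. Folding it into the existing list would keep the bullet uniform and easier to grep, for example "CVE-2025-4330 (bsc#1244060), CVE-2025-4435 (bsc#1244061), and CVE-2025-4517 (bsc#1244032)." The rewrap of the "extraction filters ... to be bypassed" lines is unrelated to the CVE addition and only adds diff noise. Also note that the hunk amends the entry dated Mon Jun 9 while the commit itself is dated 2025-06-25, so anyone tracking fixes by changelog date will not see when this CVE reference was added; consider whether a new dated entry is the better place for it.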