- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent

malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, CVE-2024-8088). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=62
2024-08-29 12:59:16 +00:00
parent 427d18bfde
commit ffe5956a88
3 changed files with 158 additions and 0 deletions
--- a/python312.spec
+++ b/python312.spec
@@ -186,6 +186,9 @@ Patch40:        fix-test-recursion-limit-15.6.patch
 # PATCH-FIX-SLE docs-docutils_014-Sphinx_420.patch bsc#[0-9]+ mcepl@suse.com
 # related to gh#python/cpython#119317
 Patch41:        docs-docutils_014-Sphinx_420.patch
+# PATCH-FIX-UPSTREAM CVE-2024-8088-inf-loop-zipfile_Path.patch bsc#1229704 mcepl@suse.com
+# avoid denial of service in zipfile
+Patch42:        CVE-2024-8088-inf-loop-zipfile_Path.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes