Add CVE-2025-8291-consistency-zip64.patch

Checks consistency of the zip64 end of central directory record, and preventing obfuscation of the payload, i.e., you scanning for malicious content in a ZIP file with one ZIP parser (let's say a Rust one) then unpack it in production with another (e.g., the Python one) and get malicious content that the other parser did not see (CVE-2025-8291, bsc#1251305) Readjust patches while synchronizing between openSUSE and SLE trees: - F00251-change-user-install-location.patch - doc-py38-to-py36.patch - gh126985-mv-pyvenv.cfg2getpath.patch
2025-11-04 17:47:42 +01:00
parent 6823a127f7
commit ff726ffdd5
6 changed files with 390 additions and 91 deletions
--- a/python313.changes
+++ b/python313.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Tue Nov  4 16:44:05 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add CVE-2025-8291-consistency-zip64.patch which checks
+  consistency of the zip64 end of central directory record, and
+  preventing obfuscation of the payload, i.e., you scanning for
+  malicious content in a ZIP file with one ZIP parser (let's say
+  a Rust one) then unpack it in production with another (e.g.,
+  the Python one) and get malicious content that the other parser
+  did not see (CVE-2025-8291, bsc#1251305)
+- Readjust patches while synchronizing between openSUSE and SLE trees:
+  - F00251-change-user-install-location.patch
+  - doc-py38-to-py36.patch
+  - gh126985-mv-pyvenv.cfg2getpath.patch
+
 -------------------------------------------------------------------
 Wed Oct 15 09:15:38 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>