python313

python-interpreters/python313

SHA256

Fork 0

forked from pool/python313

Commit Graph

Author	SHA256	Message	Date
Matěj Cepl	308445653b	Add CVE-2025-8291-consistency-zip64.patch Checks consistency of the zip64 end of central directory record, and preventing obfuscation of the payload, i.e., you scanning for malicious content in a ZIP file with one ZIP parser (let's say a Rust one) then unpack it in production with another (e.g., the Python one) and get malicious content that the other parser did not see (CVE-2025-8291, bsc#1251305) Readjust patches while synchronizing between openSUSE and SLE trees: - F00251-change-user-install-location.patch - doc-py38-to-py36.patch - gh126985-mv-pyvenv.cfg2getpath.patch	2025-11-12 01:08:52 +01:00

Author

SHA256

Message

Date

Matěj Cepl

308445653b

Add CVE-2025-8291-consistency-zip64.patch

Checks consistency of the zip64 end of central directory record,
and preventing obfuscation of the payload, i.e., you scanning for
malicious content in a ZIP file with one ZIP parser (let's say a
Rust one) then unpack it in production with another (e.g., the
Python one) and get malicious content that the other parser did
not see (CVE-2025-8291, bsc#1251305)

Readjust patches while synchronizing between openSUSE and SLE trees:
  - F00251-change-user-install-location.patch
  - doc-py38-to-py36.patch
  - gh126985-mv-pyvenv.cfg2getpath.patch

2025-11-12 01:08:52 +01:00

1 Commits