forked from pool/python314
Accepting request 1288600 from devel:languages:python:Factory
Also addresses bsc#1244705 (CVE-2025-6069) and CVE-2025-4435 (gh#135034, bsc#1244061). OBS-URL: https://build.opensuse.org/request/show/1288600 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python314?expand=0&rev=14
This commit is contained in:
Git OBS Bridge
@@ -12,12 +12,14 @@ Sat Jun 21 22:30:08 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
|
|||||||
- gh-135462: Fix quadratic complexity in processing specially
|
- gh-135462: Fix quadratic complexity in processing specially
|
||||||
crafted input in html.parser.HTMLParser. End-of-file errors
|
crafted input in html.parser.HTMLParser. End-of-file errors
|
||||||
are now handled according to the HTML5 specs – comments and
|
are now handled according to the HTML5 specs – comments and
|
||||||
declarations are automatically closed, tags are ignored.
|
declarations are automatically closed, tags are ignored
|
||||||
|
(bsc#1244705, CVE-2025-6069).
|
||||||
- gh-135034: Fixes multiple issues that allowed tarfile
|
- gh-135034: Fixes multiple issues that allowed tarfile
|
||||||
extraction filters (filter="data" and filter="tar") to be
|
extraction filters (filter="data" and filter="tar") to be
|
||||||
bypassed using crafted symlinks and hard links.
|
bypassed using crafted symlinks and hard links. Addresses
|
||||||
Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and
|
CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE
|
||||||
CVE 2025-4517.
|
2025-4517. Also addresses CVE-2025-4435 (gh#135034,
|
||||||
|
bsc#1244061).
|
||||||
- Library
|
- Library
|
||||||
- gh-65697: configparser’s error message when attempting to
|
- gh-65697: configparser’s error message when attempting to
|
||||||
write an invalid key is now more helpful.
|
write an invalid key is now more helpful.
|
||||||
|
|||||||
Reference in New Issue
Block a user