Accepting request 1288600 from devel:languages:python:Factory

Also addresses bsc#1244705 (CVE-2025-6069) and CVE-2025-4435 (gh#135034, bsc#1244061). OBS-URL: https://build.opensuse.org/request/show/1288600 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python314?expand=0&rev=14
2025-06-26 09:38:10 +00:00
parent 9a13683c02 940abe7147
commit 66dec9ba75
1 changed files with 6 additions and 4 deletions
--- a/python314.changes
+++ b/python314.changes
@@ -12,12 +12,14 @@ Sat Jun 21 22:30:08 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
    - gh-135462: Fix quadratic complexity in processing specially
      crafted input in html.parser.HTMLParser. End-of-file errors
      are now handled according to the HTML5 specs – comments and
-      declarations are automatically closed, tags are ignored.
+      declarations are automatically closed, tags are ignored
+      (bsc#1244705, CVE-2025-6069).
    - gh-135034: Fixes multiple issues that allowed tarfile
      extraction filters (filter="data" and filter="tar") to be
-      bypassed using crafted symlinks and hard links.
-      Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and
-      CVE 2025-4517.
+      bypassed using crafted symlinks and hard links.  Addresses
+      CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE
+      2025-4517. Also addresses CVE-2025-4435 (gh#135034,
+      bsc#1244061).
  - Library
    - gh-65697: configparser’s error message when attempting to
      write an invalid key is now more helpful.