Add CVE-2025-8291-consistency-zip64.patch

It checks consistency of the zip64 end of central directory record, and preventing obfuscation of the payload, i.e., you scanning for malicious content in a ZIP file with one ZIP parser (let's say a Rust one) then unpack it in production with another (e.g., the Python one) and get malicious content that the other parser did not see (CVE-2025-8291, bsc#1251305)
2025-11-04 18:00:48 +01:00
parent 45f653ebee
commit faa4a5c356
3 changed files with 321 additions and 0 deletions
--- a/python314.changes
+++ b/python314.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Nov  4 16:44:05 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add CVE-2025-8291-consistency-zip64.patch which checks
+  consistency of the zip64 end of central directory record, and
+  preventing obfuscation of the payload, i.e., you scanning for
+  malicious content in a ZIP file with one ZIP parser (let's say
+  a Rust one) then unpack it in production with another (e.g.,
+  the Python one) and get malicious content that the other parser
+  did not see (CVE-2025-8291, bsc#1251305)
+
 -------------------------------------------------------------------
 Wed Oct 15 09:22:40 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>