python-interpreters/python314
SHA256
7
0
Fork 0
forked from pool/python314
Code Pull Requests Activity

Add CVE-2025-8291-consistency-zip64.patch

Browse Source 
It checks consistency of the zip64 end of central directory
record, and preventing obfuscation of the payload, i.e., you
scanning for malicious content in a ZIP file with one ZIP parser
(let's say a Rust one) then unpack it in production with another
(e.g., the Python one) and get malicious content that the other
parser did not see (CVE-2025-8291, bsc#1251305)
This commit is contained in:
Matej Cepl
2025-11-04 18:00:48 +01:00
parent 45f653ebee
commit faa4a5c356
3 changed files with 321 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python314.spec
View File

@@ -226,6 +226,9 @@ Patch41: bsc1243155-sphinx-non-determinism.patch
Patch44: gh138131-exclude-pycache-from-digest.patch
# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
Patch45: gh139257-Support-docutils-0.22.patch
# PATCH-FIX-UPSTREAM CVE-2025-8291-consistency-zip64.patch bsc#1251305 mcepl@suse.com
# Check consistency of the zip64 end of central directory record
Patch46: CVE-2025-8291-consistency-zip64.patch
#### Python 3.14 DEVELOPMENT PATCHES
BuildRequires: autoconf-archive
BuildRequires: automake