python-interpreters/python315
SHA256
6
0
Fork 0
forked from pool/python315
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CVE-2025-6075-expandvars-perf-degrad.patch

Browse Source 
Avoid simple quadratic complexity vulnerabilities of
os.path.expandvars() (CVE-2025-6075, bsc#1252974).
Skip test_curses on ppc64le (gh#python/cpython#141534)
This commit is contained in:
Matej Cepl
2025-11-13 22:40:01 +01:00
parent b563206f1a
commit e52bc99839
4 changed files with 397 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
python315.changes
View File

@@ -1,8 +1,29 @@
-------------------------------------------------------------------
Thu Nov 13 17:13:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Remove CVE-2025-8291-consistency-zip64.patch … the fix has been
already included in 3.15.0~a1.
- Skip test_curses on ppc64le (gh#python/cpython#141534)
-------------------------------------------------------------------
Mon Nov 10 10:01:37 UTC 2025 - Andreas Schwab <schwab@suse.de>
- Update list of skipped tests in qemu linux-user emulation
-------------------------------------------------------------------
Thu Nov 6 23:45:56 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
- Add CVE-2025-8291-consistency-zip64.patch which checks
consistency of the zip64 end of central directory record, and
preventing obfuscation of the payload, i.e., you scanning for
malicious content in a ZIP file with one ZIP parser (let's say
a Rust one) then unpack it in production with another (e.g.,
the Python one) and get malicious content that the other parser
did not see (CVE-2025-8291, bsc#1251305)
-------------------------------------------------------------------
Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>