python/python-asteval
SHA256
15
0
Fork 0
forked from pool/python-asteval
Code Pull Requests Activity

Add information about the fixed CVE.

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-asteval?expand=0&rev=43
This commit is contained in:
Matej Cepl
2025-01-27 15:21:08 +00:00
committed by Git OBS Bridge
parent 8760b4335a
commit 2a11a765e3
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python-asteval.changes
View File

@@ -5,7 +5,8 @@ Mon Jan 27 12:42:41 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.c
* drop testing and support for Python3.8, add Python 3.13,
change document to reflect this.
* implement safe_getattr and safe_format functions; fix bugs
in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage
in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage (bsc#1236405,
CVE-2025-24359)
* make all procedure attributes private to curb access to AST
nodes, which can be exploited
* improvements to error messages, including use ast functions