python/python-rpyc
SHA256
14
0
Fork 0
forked from pool/python-rpyc
Code Pull Requests Activity

- Update to 6.0.0 (bsc#1221331, CVE-2024-27758):

Browse Source 
* #551 Resolves security issue that results in RCE. The fix breaks
    backwards compatibility for those that rely on the __array__
    attribute used by numpy. This RCE is only exploitable when the
    server-side gets the attribute __array__ and calls it (e.g.,
    np.array(x)). This issues effects all versions since major release
    4.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-rpyc?expand=0&rev=32
This commit is contained in:
Daniel Garcia
2024-03-13 13:16:49 +00:00
committed by Git OBS Bridge
parent 35672831e0
commit 454b296016
4 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
python-rpyc.changes
View File

@@ -1,3 +1,14 @@
-------------------------------------------------------------------
Wed Mar 13 13:13:19 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
- Update to 6.0.0 (bsc#1221331, CVE-2024-27758):
* #551 Resolves security issue that results in RCE. The fix breaks
backwards compatibility for those that rely on the __array__
attribute used by numpy. This RCE is only exploitable when the
server-side gets the attribute __array__ and calls it (e.g.,
np.array(x)). This issues effects all versions since major release
4.
-------------------------------------------------------------------
Fri Dec 29 09:53:28 UTC 2023 - Dirk Müller <dmueller@suse.com>