From 4c4727d238470f72a0269bd94845c102d24b9dadc90e451d8918221ff6790858 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 28 Jun 2023 19:10:39 +0000 Subject: [PATCH] Fix changes OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=97 --- python310.changes | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/python310.changes b/python310.changes index 8751936..cecc8f8 100644 --- a/python310.changes +++ b/python310.changes @@ -9,7 +9,8 @@ Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl fixed previously in 1.1.1t (gh-101727). - gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for - URLs defined by WHATWG in response to CVE-2023-24329. + URLs defined by WHATWG in response to CVE-2023-24329 + (bsc#1208471). - gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. @@ -22,7 +23,8 @@ Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination - directory. See Extraction filters for details. + directory. See Extraction filters for details (fixing + CVE-2007-4559, bsc#1203750). - Remove upstreamed patches: - CVE-2023-24329-blank-URL-bypass.patch - CVE-2007-4559-filter-tarfile_extractall.patch
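
Review bot: in the first hunk (@@ -9,7 +9,8 @@), the unchanged gh-99889 line right after the edited entry still reads "Fixed a security in flaw in uu.decode()". Since this commit is a cleanup of the changes file, correct it to "Fixed a security flaw in uu.decode()" in the same pass. The subject "Fix changes" also does not say what was fixed. Something like "Add bsc references to the CVE entries in python310.changes" would let the log be read without opening the diff.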
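
Review bot: in the second hunk (@@ -22,7 +23,8 @@), "(fixing CVE-2007-4559, bsc#1203750)" is attached to an entry that describes a new filter argument which "allows limiting tar features", that is, something the caller has to pass. "fixing" reads as if extraction were now safe without any change on the caller's side. Consider "addressing CVE-2007-4559" or a short remark that callers need to supply a filter. The context line above it also has "than may be surprising or dangerous", which should be "that may be".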