From 39157872a54e0b569729068cd2001f0f2e2ceeac15256c38a9c6ef07c5d5b015 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 3 May 2023 10:14:51 +0000 Subject: [PATCH] =?UTF-8?q?-=20Add=20CVE-2007-4559-filter-tarfile=5Fextrac?= =?UTF-8?q?tall.patch=20to=20fix=20=20=20bsc#1203750=20(CVE-2007-4559)=20a?= =?UTF-8?q?nd=20implementing=20"PEP=20706=20=E2=80=93=20Filter=20=20=20for?= =?UTF-8?q?=20tarfile.extractall".?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=64 --- python311.changes | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python311.changes b/python311.changes index aa6f5b9..9934ec1 100644 --- a/python311.changes +++ b/python311.changes @@ -5,6 +5,9 @@ Sun Apr 30 18:13:16 UTC 2023 - Matej Cepl - Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). - Add skip_if_buildbot-extend.patch to avoid the bug altogether (extending what skip_if_buildbot covers). +- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix + bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter + for tarfile.extractall". ------------------------------------------------------------------- Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl @@ -15,9 +18,6 @@ Thu Apr 27 21:57:15 UTC 2023 - Matej Cepl and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory. - - gh-101283: subprocess.Popen now uses a safer approach to - find cmd.exe when launching with shell=True. Patch by Eryk - Sun, based on a patch by Oleg Iarygin. - Core and Builtins - gh-101975: Fixed stacktop value on tracing entries to avoid corruption on garbage collection.
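Review bot: In the first hunk (the Sun Apr 30 entry of python311.changes), the new bullet names CVE-2007-4559-filter-tarfile_extractall.patch, but the diffstat lists python311.changes as the only file changed, so the patch file itself and whatever applies it are not part of this commit as shown. They should land in the same change, so that the changelog never claims a fix the package does not yet carry. The bullet also has no upstream reference of the kind the neighbouring entry gives ("(gh#python/cpython#103053)"), and "to fix ... and implementing" would read better as "to fix ... and implement". Since the entry is for a security fix, one more line saying whether the default behaviour of tarfile.extractall changes for users of this package would help readers of the changelog.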
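Review bot: The second hunk (the Thu Apr 27 entry) deletes the gh-101283 bullet about subprocess.Popen locating cmd.exe when launching with shell=True, and neither the subject line nor the added text mentions this removal. If it is intentional, for instance because the item does not apply to this package, say so in the commit message or make it a separate commit; otherwise restore the three lines. The context line just above, "CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303", names the same CVE twice and should be checked against the OpenSSL 2023-02-07 advisory while this entry is being edited.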