Security fix for CVE-2007-4559, PEP 706 – Filter for tarfile.extractall

Fixes: rhbz#2141080
This commit is contained in:
Charalampos Stratakis 2024-02-27 23:48:23 +01:00
commit debf73953c
2 changed files with 2496 additions and 1 deletions

2481
00397-cve-2007-4559.patch Normal file

File diff suppressed because it is too large Load diff

View file

@ -17,7 +17,7 @@ URL: https://www.python.org/
#global prerel ...
%global upstream_version %{general_version}%{?prerel}
Version: %{general_version}%{?prerel:~%{prerel}}
Release: 25%{?dist}
Release: 26%{?dist}
# Python is Python
# pip MIT is and bundles:
# appdirs: MIT
@ -614,6 +614,16 @@ Patch392: 00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch
# the behavior to linear.
Patch394: 00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch
# 00397 # ec259fa098e42d5c3c32b2722fcb314a3f23b290
# CVE-2007-4559
#
# Implement PEP 706 Filter for tarfile.extractall
#
# Upstream issue: https://github.com/python/cpython/issues/102950
#
# Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=263261
Patch397: 00397-cve-2007-4559.patch
# 00399 # dc0a803eea47d3b4f0657816b112b5a33491500f
# CVE-2023-24329
#
@ -1918,6 +1928,10 @@ CheckPython optimized
# ======================================================
%changelog
* Tue Feb 27 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.6.15-26
- Security fix for CVE-2007-4559, PEP 706 Filter for tarfile.extractall
- Fixes: rhbz#2141080
* Mon Jan 29 2024 Karolina Surma <ksurma@redhat.com> - 3.6.15-25
- Fix test_zlib when building with zlib-ng-compat