fence-agents/bz2218234-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
Oyvind Albrigtsen afa5fa38bc - bundled urllib3: fix CVE-2023-43804
Resolves: RHEL-11988
2023-10-12 16:29:42 +02:00

18 lines
765 B
Diff

--- a/kubevirt/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100
+++ b/kubevirt/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200
@@ -21,7 +21,12 @@
try:
with TarFile.open(filename) as tf:
for name in zonegroups:
- tf.extract(name, tmpdir)
+ if hasattr(tarfile, 'data_filter'):
+ # Python with CVE-2007-4559 mitigation (PEP 706)
+ tf.extract(name, tmpdir, filter='data')
+ else:
+ # Fallback to a possibly dangerous extraction (before PEP 706)
+ tf.extract(name, tmpdir)
filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
_run_zic(zonedir, filepaths)