CVE-2007-4559, PEP-706: Add filters for tarfile extraction
This commit is contained in:
parent
e5389fd0f4
commit
a1023e197c
2713
00397-tarfile-filter.patch
Normal file
2713
00397-tarfile-filter.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -17,7 +17,7 @@ URL: https://www.python.org/
|
|||||||
#global prerel ...
|
#global prerel ...
|
||||||
%global upstream_version %{general_version}%{?prerel}
|
%global upstream_version %{general_version}%{?prerel}
|
||||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: Python
|
License: Python
|
||||||
|
|
||||||
|
|
||||||
@ -399,6 +399,14 @@ Patch329: 00329-fips.patch
|
|||||||
# a nightmare because it's basically a binary file.
|
# a nightmare because it's basically a binary file.
|
||||||
Patch353: 00353-architecture-names-upstream-downstream.patch
|
Patch353: 00353-architecture-names-upstream-downstream.patch
|
||||||
|
|
||||||
|
# 00397 #
|
||||||
|
# Add filters for tarfile extraction (CVE-2007-4559, PEP-706)
|
||||||
|
# The first patch backports the upstream fix:
|
||||||
|
# - https://github.com/python/cpython/pull/104382
|
||||||
|
# The second patch is Red Hat configuration, see KB for documentation:
|
||||||
|
# - https://access.redhat.com/articles/7004769
|
||||||
|
Patch397: 00397-tarfile-filter.patch
|
||||||
|
|
||||||
# (New patches go here ^^^)
|
# (New patches go here ^^^)
|
||||||
#
|
#
|
||||||
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
||||||
@ -1800,6 +1808,10 @@ CheckPython optimized
|
|||||||
# ======================================================
|
# ======================================================
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Mar 07 2023 Petr Viktorin <pviktori@redhat.com> - 3.9.16-2
|
||||||
|
- Add filters for tarfile extraction (CVE-2007-4559, PEP-706)
|
||||||
|
Resolves: rhbz#263261
|
||||||
|
|
||||||
* Thu Dec 08 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.16-1
|
* Thu Dec 08 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.16-1
|
||||||
- Update to 3.9.16
|
- Update to 3.9.16
|
||||||
- Security fixes for CVE-2022-42919 and CVE-2022-45061
|
- Security fixes for CVE-2022-42919 and CVE-2022-45061
|
||||||
|
Loading…
Reference in New Issue
Block a user