Overview

File _patchinfo of Package patchinfo.38399

<patchinfo incident="38399">
  <issue tracker="bnc" id="1241067">python310, python311: FTBFS with OpenSSL 3.5.0</issue>
  <issue tracker="bnc" id="1244059">VUL-0: CVE-2025-4138: python: may allow symlink targets to point outside the destination directory, and the modification of some file metadata.</issue>
  <issue tracker="bnc" id="1244032">VUL-0: CVE-2025-4517: python: arbitrary filesystem writes outside the extraction directory during extraction with filter="data"</issue>
  <issue tracker="bnc" id="1244056">VUL-0: CVE-2024-12718: python: Bypass extraction filter to modify file metadata outside extraction directory</issue>
  <issue tracker="bnc" id="1243273">VUL-0: CVE-2025-4516: python, cpython: CPython DecodeError Handling Vulnerability</issue>
  <issue tracker="bnc" id="1244060">VUL-0: CVE-2025-4330: python: Extraction filter bypass for linking outside extraction directory</issue>
  <issue tracker="cve" id="2025-4330"/>
  <issue tracker="cve" id="2025-4138"/>
  <issue tracker="cve" id="2025-4516"/>
  <issue tracker="cve" id="2024-12718"/>
  <issue tracker="cve" id="2025-4517"/>
  <packager>mcepl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python311</summary>
  <description>This update for python311 fixes the following issues:

python311 was updated from version 3.11.10 to 3.11.13:

- Security issues fixed:

  * CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273).
  * CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixed multiple issues that allowed tarfile 
    extraction filters to be bypassed using crafted symlinks and hard links
    (bsc#1244056, bsc#1244059, bsc#1244060, bsc#1244032)

- Other bugs fixed:
 
  * Improved handling of system call failures that OpenSSL reports (bsc#1241067)
  * Disable GC during thread operations to prevent deadlocks.
  * Fixed a potential denial of service vulnerability in the imaplib module.
  * Fixed bugs in the in the folding of rfc2047 encoded-words and in the folding of quoted strings when flattening an
    email message using a modern email policy.
  * Fixed parsing long IPv6 addresses with embedded IPv4 address.
  * Fixed ipaddress.IPv6Address.reverse_pointer output according to RFC 3596.
  * Improved the textual representation of IPv4-mapped IPv6 addresses in ipaddress.
  * ipaddress: fixed hash collisions for IPv4Network and IPv6Network objects
  * os.path.realpath() now accepts a strict keyword-only argument.
  * Stop the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor
    denial-of-service.
  * Updated bundled libexpat to 2.7.1
  * Writers of CPython documentation can now use next as the version for the versionchanged, versionadded,
    deprecated directives.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places