[ubuntu/noble-security] python3.12 3.12.3-1ubuntu0.7 (Accepted)

[Hlib Korzhynskyy]

python3.12 (3.12.3-1ubuntu0.7) noble-security; urgency=medium

  * SECURITY UPDATE: Arbitrary filesystem and metadata write through improper
    tar filtering.
    - debian/patches/CVE-202x-12718-4138-4x3x-4517.patch: Add ALLOW_MISSING in
      ./Lib/genericpath.py, ./Lib/ntpath.py, ./Lib/posixpath.py. Change filter
      to handle errors in ./Lib/ntpath.py, ./Lib/posixpath.py. Add checks and
      unfiltered to ./Lib/tarfile.py. Modify tests.
    - CVE-2024-12718
    - CVE-2025-4138
    - CVE-2025-4330
    - CVE-2025-4435
    - CVE-2025-4517

Date: 2025-06-18 19:53:26.226333+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.7
-------------- next part --------------
Sorry, changesfile not available.