[ubuntu/oracular-updates] python3.13 3.13.0-1ubuntu0.3 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Jun 19 14:29:28 UTC 2025
python3.13 (3.13.0-1ubuntu0.3) oracular-security; urgency=medium
* SECURITY UPDATE: Arbitrary filesystem and metadata write through improper
tar filtering.
- debian/patches/CVE-202x-12718-4138-4x3x-4517-pre1.patch: Add additional
tests in ./Lib/test/test_ntpath.py and ./Lib/test/test_posixpath.py.
- debian/patches/CVE-202x-12718-4138-4x3x-4517-pre2.patch: Add part_count
and checks in ./Lib/posixpath.py.
- debian/patches/CVE-202x-12718-4138-4x3x-4517.patch: Add ALLOW_MISSING in
./Lib/genericpath.py, ./Lib/ntpath.py, ./Lib/posixpath.py. Change filter
to handle errors in ./Lib/ntpath.py, ./Lib/posixpath.py. Add checks and
unfiltered to ./Lib/tarfile.py. Modify tests.
- CVE-2024-12718
- CVE-2025-4138
- CVE-2025-4330
- CVE-2025-4435
- CVE-2025-4517
Date: 2025-06-18 12:50:48.702974+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/python3.13/3.13.0-1ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the oracular-changes
mailing list