[ubuntu/plucky-updates] python3.13 3.13.3-1ubuntu0.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Jun 19 14:29:35 UTC 2025
python3.13 (3.13.3-1ubuntu0.2) plucky-security; urgency=medium
* SECURITY UPDATE: Arbitrary filesystem and metadata write through improper
tar filtering.
- debian/patches/CVE-202x-12718-4138-4x3x-4517-pre1.patch: Add additional
tests in ./Lib/test/test_ntpath.py and ./Lib/test/test_posixpath.py.
- debian/patches/CVE-202x-12718-4138-4x3x-4517.patch: Add ALLOW_MISSING in
./Lib/genericpath.py, ./Lib/ntpath.py, ./Lib/posixpath.py. Change filter
to handle errors in ./Lib/ntpath.py, ./Lib/posixpath.py. Add checks and
unfiltered to ./Lib/tarfile.py. Modify tests.
- CVE-2024-12718
- CVE-2025-4138
- CVE-2025-4330
- CVE-2025-4435
- CVE-2025-4517
Date: 2025-06-18 12:50:24.802019+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list