dgit.raspbian.org Git - python3.9.git/commit

author	Victor Stinner <vstinner@python.org>
	Sat, 13 Sep 2025 20:34:15 +0000 (22:34 +0200)
committer	Andrej Shadura <andrewsh@debian.org>
	Sun, 25 Jan 2026 13:37:52 +0000 (14:37 +0100)
commit	d6762f22bf64b86477f3baa41fa718db883d18ef
tree	bceecd5e86d4495b950ddf74844813e89ccaaa55	tree \| snapshot
parent	f7985c21e18c7744229854d52f509810ba711daa	commit \| diff

[3.9] gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027) (GH-137645)

gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027)

(cherry picked from commit 7040aa54f14676938970e10c5f74ea93cd56aa38)

Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Origin: upstream, https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19

Gbp-Pq: Name CVE-2025-8194.patch

Lib/tarfile.py		diff \| blob \| history
Lib/test/test_tarfile.py		diff \| blob \| history
Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst	[new file with mode: 0644]	blob