dgit.raspbian.org Git - python3.9.git/commit

author	Victor Stinner <vstinner@python.org>
	Sat, 13 Sep 2025 20:34:15 +0000 (22:34 +0200)
committer	Raspbian forward porter <root@raspbian.org>
	Sat, 24 Jan 2026 09:41:14 +0000 (09:41 +0000)
commit	c31d7f3c2680521d3f0b3ad8751b40fc6c0c4cf4
tree	69cb2aaebaf66e0b9f3c4c4db78de2dd1c0714a0	tree \| snapshot
parent	1e2c69691298f1703abf44905d46557239b910ed	commit \| diff

[3.9] gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027) (GH-137645)

gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027)

(cherry picked from commit 7040aa54f14676938970e10c5f74ea93cd56aa38)

Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Origin: upstream, https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19

Gbp-Pq: Name CVE-2025-8194.patch

Lib/tarfile.py		diff \| blob \| history
Lib/test/test_tarfile.py		diff \| blob \| history
Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst	[new file with mode: 0644]	blob