dgit.raspbian.org Git - python3.9.git/commit

author	Victor Stinner <vstinner@python.org>
	Sat, 13 Sep 2025 20:34:15 +0000 (22:34 +0200)
committer	Andrej Shadura <andrewsh@debian.org>
	Tue, 20 Jan 2026 10:45:10 +0000 (11:45 +0100)
commit	957d46ea9b972e0573630d4fadad17cac4eacbdb
tree	c759088fb9dddfbc36c1481f5e9431ebe40f38a6	tree \| snapshot
parent	316d986a612fd714532e8cc0293ac63d8f3775db	commit \| diff

[3.9] gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027) (GH-137645)

gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027)

(cherry picked from commit 7040aa54f14676938970e10c5f74ea93cd56aa38)

Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Origin: upstream, https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19

Gbp-Pq: Name CVE-2025-8194.patch

Lib/tarfile.py		diff \| blob \| history
Lib/test/test_tarfile.py		diff \| blob \| history
Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst	[new file with mode: 0644]	blob