dgit.raspbian.org Git - python3.9.git/commit

author	Victor Stinner <vstinner@python.org>
	Sat, 13 Sep 2025 20:34:15 +0000 (22:34 +0200)
committer	Arnaud Rebillout <arnaudr@debian.org>
	Tue, 14 Apr 2026 04:38:32 +0000 (11:38 +0700)
commit	47762803374547e153f135cdff861c126a126367
tree	b5654d783219a0011cb7813562bb8be94e7989d8	tree \| snapshot
parent	e7c3161756bd10631b0d40be59ea64de0906b4e4	commit \| diff

[3.9] gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027) (GH-137645)

gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027)

(cherry picked from commit 7040aa54f14676938970e10c5f74ea93cd56aa38)

Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Origin: upstream, https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19

Gbp-Pq: Name CVE-2025-8194.patch

Lib/tarfile.py		diff \| blob \| history
Lib/test/test_tarfile.py		diff \| blob \| history
Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst	[new file with mode: 0644]	blob