dgit.raspbian.org Git - python3.9.git/commit

author	Victor Stinner <vstinner@python.org>
	Sat, 13 Sep 2025 20:34:15 +0000 (22:34 +0200)
committer	Arnaud Rebillout <arnaudr@debian.org>
	Thu, 14 May 2026 03:00:00 +0000 (10:00 +0700)
commit	a601b0d8103b642339cc57048459ae9f5850e16c
tree	5be2fccc8ea0baf390c8b5fa00ae36d4423d46f9	tree \| snapshot
parent	b51110531a726cebf7e262947034ccfaa6521941	commit \| diff

[3.9] gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027) (GH-137645)

gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027)

(cherry picked from commit 7040aa54f14676938970e10c5f74ea93cd56aa38)

Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Origin: upstream, https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19

Gbp-Pq: Name CVE-2025-8194.patch

Lib/tarfile.py		diff \| blob \| history
Lib/test/test_tarfile.py		diff \| blob \| history
Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst	[new file with mode: 0644]	blob