Fix CVE-2007-4559 by adding filter parameter to tarfile.extractall

(cherry picked from commit 5fe21d591acf1983cf2515a768885427f2f300c8)
2023-08-07 14:46:53 +08:00 · 2023-08-07 14:46:53 +08:00 · c2474ce9e7
commit c2474ce9e7
parent de933dcde4
2 changed files with 2469 additions and 3 deletions
--- a/backport-CVE-2007-4559.patch
+++ b/backport-CVE-2007-4559.patch
--- a/python3.spec
+++ b/python3.spec
@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language
 URL: https://www.python.org/
 Version: 3.9.9
-Release: 24
+Release: 25
 License: Python-2.0
 %global branchversion 3.9
@ -104,6 +104,7 @@ Patch6010: backport-CVE-2022-42919.patch
 Patch6011: backport-CVE-2022-45061.patch
 Patch6012: backport-CVE-2022-37454.patch
 Patch6013: backport-Make-urllib.parse.urlparse-enforce-that-a-scheme-mus.patch
 Patch6014: backport-CVE-2007-4559.patch
 Patch9000: add-the-sm3-method-for-obtaining-the-salt-value.patch
 Patch9001: python3-Add-sw64-architecture.patch
@ -207,6 +208,7 @@ rm -r Modules/expat
 %patch6011 -p1
 %patch6012 -p1
 %patch6013 -p1
 %patch6014 -p1
 %patch9000 -p1
 %patch9001 -p1
@ -836,6 +838,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP"
 %{_mandir}/*/*
 %changelog
 * Mon Aug 07 2023 zhaoyu <zhaoyu64@huawei.com>- 3.9.9-25
 - Type:CVE
 - CVE:CVE-2007-4559
 - SUG:NA
 - DESC:Add a filter parameter to tarfile.extractall will allow users to avoid CVE-2007-4559 by changing their code/settings.
 * Thu Apr 06 2023 shixuantong <shixuantong1@huawei.com>- 3.9.9-24
 - Type:CVE
 - CVE:CVE-2023-24329