mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-06-27 20:13:41 +02:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Sudhir Dumbhare	e61bf028a6	python3: Fix CVE-2025-13462 Apply the upstream v3.12 fix [1], aligned with the original v3.13 fix [2], to address incorrect tarfile handling where GNU long name follow-up headers could be normalized as directories, as referenced in [3]. [1] `d10950739a` [2] `ae99fe3a33` [3] https://security-tracker.debian.org/tracker/CVE-2025-13462 Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-13462 (From OE-Core rev: 0b990a354ef858d903d4bed937b1233537c2c478) Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>	2026-06-26 16:55:53 +01:00

Sudhir Dumbhare

e61bf028a6

python3: Fix CVE-2025-13462

Apply the upstream v3.12 fix [1], aligned with the original v3.13 fix [2],
to address incorrect tarfile handling where GNU long name follow-up headers
could be normalized as directories, as referenced in [3].

[1] d10950739a
[2] ae99fe3a33
[3] https://security-tracker.debian.org/tracker/CVE-2025-13462

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-13462

(From OE-Core rev: 0b990a354ef858d903d4bed937b1233537c2c478)

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>

2026-06-26 16:55:53 +01:00

1 Commits