Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-8.9.0.z
Affects Version/s: rhel-8.6.0.z, rhel-8.8.0.z, rhel-8.9.0.z, rhel-8.10, rhel-9.3.0.z, rhel-9.4
Component/s: python-pip
Labels:
None

Regression:
None
Severity:
None
Epic Link:
pip - require Python with tarfile filters

Pool Team:

rhel-sst-pt-python-ruby-nodejs
Sub-System Group:

ssg_core_services

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Errata Link:
https://errata.engineering.redhat.com/advisory/128222
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

The fix for CVE-2007-4559 has been implemented in pip and Python so that pip requires Python to provide tarfile filters. Unfortunately, this requirement is not present on RPM level; therefore, it's possible to install the fixed version of pip with a vulnerable version of Python.

clones

RHEL-25446 python-pip - require Python with tarfile filters [rhel-8]

Closed

links to

RHBA-2024:128222 python-pip - bug fix update

Assignee:: python-maint

Reporter:: Lumir Balhar

Developer:: Lumir Balhar

QA Contact:: Lukas Zachar

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/02/14 9:52 AM

Updated:: 2024/04/02 3:55 PM

Resolved:: 2024/04/02 3:55 PM

Release Date:: 2024/04/02

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates