- Bug
- Resolution: Done-Errata
- Undefined
- rhel-8.6.0.z, rhel-8.8.0.z, rhel-8.9.0.z, rhel-8.10, rhel-9.3.0.z, rhel-9.4
- None
- python-pip-9.0.3-22.3.el8_6
- None
- None
- rhel-sst-pt-python-ruby-nodejs
- ssg_core_services
- 3
- False
- None
- None
- None

The fix for CVE-2007-4559 has been implemented in pip and Python so that pip requires Python to provide tarfile filters. Unfortunately, this requirement is not present at the RPM level; therefore, it's possible to install the fixed version of pip with a vulnerable version of Python.
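
To check whether a given interpreter actually provides the tarfile filters that the fixed pip depends on, the following added example (not code from pip or from this erratum) feature-detects `tarfile.data_filter` and runs it against a constructed in-memory archive. The function names and the sample member names are assumptions made for illustration.

```python
import io
import tarfile
import tempfile


def interpreter_has_tarfile_filters() -> bool:
    """Feature-detect extraction filters; the version number alone is not
    reliable because distributions backport them to older Python releases."""
    return hasattr(tarfile, "data_filter")


def build_sample_archive() -> bytes:
    """Constructed sample: one ordinary member and one whose name resolves
    outside the extraction directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("pkg/ok.txt", "../outside.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def check_members(archive: bytes) -> dict:
    """Map each member name to a verdict without extracting any member."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as dest, \
            tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for member in tar.getmembers():
            if not interpreter_has_tarfile_filters():
                # No filter API: extraction on this interpreter is unchecked.
                verdicts[member.name] = "unfiltered"
                continue
            try:
                tarfile.data_filter(member, dest)
                verdicts[member.name] = "allowed"
            except tarfile.FilterError as exc:
                verdicts[member.name] = "rejected: " + type(exc).__name__
    return verdicts


if __name__ == "__main__":
    print("tarfile filters available:", interpreter_has_tarfile_filters())
    for name, verdict in check_members(build_sample_archive()).items():
        print(f"{name!r}: {verdict}")
```

Run it with the same interpreter that pip uses; every member reported as `unfiltered` means the host is in the mismatched state this bug describes.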

- clones
  - RHEL-25446 python-pip - require Python with tarfile filters [rhel-8] (Closed)
- is blocked by
  - RHEL-25818 Incomplete fix for CVE-2007-4559 [rhel-8.6.0.z] (Closed)
- links to
  - RHBA-2024:128258 python-pip update