Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.4
Affects Version/s: rhel-8.6.0.z, rhel-8.8.0.z, rhel-8.9.0.z, rhel-8.10, rhel-9.3.0.z, rhel-9.4
Component/s: python-pip
Labels:
None

Regression:
None
Severity:
None
Epic Link:
pip - require Python with tarfile filters

Pool Team:

rhel-sst-pt-python-ruby-nodejs
Sub-System Group:

ssg_core_services

Dev Target Milestone:
25
Internal Target Milestone:
26
Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/127869
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

The fix for CVE-2007-4559 has been implemented in pip and Python so that pip requires Python to provide tarfile filters. Unfortunately, this requirement is not present on RPM level; therefore, it's possible to install the fixed version of pip with a vulnerable version of Python.

clones

RHEL-25446 python-pip - require Python with tarfile filters [rhel-8]

Closed

is cloned by

RHEL-25452 python-pip - require Python with tarfile filters [rhel-9.3.0.z]

Closed

links to

RHBA-2024:127869 python-pip update

mentioned on

Merge request - Require Python with tarfile filters

Assignee:: python-maint

Reporter:: Lumir Balhar

Developer:: Lumir Balhar

QA Contact:: Lukas Zachar

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/02/14 9:54 AM

Updated:: 2024/04/30 11:00 AM

Resolved:: 2024/04/30 11:00 AM

Dev Target end:: 2024/02/19

Target end:: 2024/02/26

Release Date:: 2024/04/30

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates