RHEL-25452

python-pip - require Python with tarfile filters [rhel-9.3.0.z]

    • Bug
    • Resolution: Done-Errata
    • Undefined
    • rhel-9.3.0.z
    • rhel-8.6.0.z, rhel-8.8.0.z, rhel-8.9.0.z, rhel-9.3.0.z, rhel-8.10, rhel-9.4
    • python-pip
    • None
    • sst_cs_apps
    • ssg_core_services
    • 3
    • False

      The fix for CVE-2007-4559 has been implemented in pip and Python so that pip requires Python to provide tarfile filters. Unfortunately, this requirement is not present at the RPM level; therefore, it's possible to install the fixed version of pip with a vulnerable version of Python.
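The dependency described above can be checked at runtime. The following is an added example, not code from this ticket, pip or the RPM packaging: it tests whether the running interpreter ships the tarfile extraction filters and, if so, shows the `data` filter refusing a member that would land outside the target directory. The function names and the sample archive are constructed for illustration.

```python
import io
import tarfile
import tempfile
from pathlib import Path


def has_tarfile_filters() -> bool:
    """True when this interpreter provides the tarfile extraction filters."""
    return hasattr(tarfile, "data_filter")


def build_sample_archive() -> bytes:
    """Constructed sample: one ordinary member, one that climbs out of the target."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in (("pkg/setup.py", b"# ok\n"), ("../escaped.txt", b"x\n")):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def extract_checked(archive: bytes, dest: Path) -> dict:
    """Extract member by member with the 'data' filter; refuse to run without it."""
    if not has_tarfile_filters():
        raise RuntimeError("Python lacks tarfile filters; update the interpreter first")
    result = {"extracted": [], "rejected": []}
    # errorlevel=1 (the default) makes filter violations raise instead of being logged
    with tarfile.open(fileobj=io.BytesIO(archive), errorlevel=1) as tar:
        for member in tar.getmembers():
            try:
                tar.extract(member, path=dest, filter="data")
                result["extracted"].append(member.name)
            except tarfile.FilterError:
                result["rejected"].append(member.name)
    return result


def demo() -> dict:
    """Run the check in a scratch directory and confirm nothing escaped it."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "unpack"
        dest.mkdir()
        result = extract_checked(build_sample_archive(), dest)
        result["escaped_file_exists"] = (Path(tmp) / "escaped.txt").exists()
        return result
```

On an interpreter without the filters, `extract_checked` raises before touching the archive, which is the condition the missing RPM requirement fails to rule out at install time.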

            python-maint
            lbalhar@redhat.com Lumir Balhar
            Lumir Balhar
            Lukas Zachar
            Votes: 0
            Watchers: 3
