Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-8.10
Affects Version/s: rhel-8.6.0.z, rhel-8.8.0.z, rhel-8.9.0.z, rhel-8.10
Component/s: python3x-pip
Labels:
None

Regression:
None
Severity:
None
Epic Link:
pip - require Python with tarfile filters

Pool Team:

rhel-sst-pt-python-ruby-nodejs
Sub-System Group:

ssg_core_services

Dev Target Milestone:
25
Internal Target Milestone:
26
Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/122300
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

The fix for CVE-2007-4559 has been implemented in pip and Python so that pip requires Python to provide tarfile filters. Unfortunately, this requirement is not present on RPM level; therefore, it's possible to install the fixed version of pip with a vulnerable version of Python.

clones

RHEL-25446 python-pip - require Python with tarfile filters [rhel-8]

Closed

is cloned by

RHEL-25459 python39/python3x-pip - require Python with tarfile filters [rhel-8.9.0.z]

Closed

links to

RHSA-2023:122300 python39:3.9 and python39-devel:3.9 security update

mentioned on

Commit - Rebuild python39 module to ship fix for RHEL-25457 in python3x-pip

Commit - Require Python with tarfile filters

Merge request - Require Python with tarfile filters

(2 mentioned on)

Assignee:: python-maint

Reporter:: Lumir Balhar

Developer:: Tomáš Hrnčiar

QA Contact:: Lukas Zachar

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/02/14 9:59 AM

Updated:: 2024/10/08 10:39 AM

Resolved:: 2024/05/22 9:26 AM

Dev Target end:: 2024/02/19

Target end:: 2024/02/26

Release Date:: 2024/05/22

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates