-
Bug
-
Resolution: Done-Errata
-
Undefined
-
rhel-8.6.0.z, rhel-8.8.0.z, rhel-8.9.0.z, rhel-8.10
-
None
-
rhel-sst-pt-python-ruby-nodejs
-
ssg_core_services
-
None
-
False
-
-
None
-
None
-
None
The fix for CVE-2007-4559 has been implemented in pip and Python so that pip requires Python to provide tarfile filters. Unfortunately, this requirement is not present on RPM level; therefore, it's possible to install the fixed version of pip with a vulnerable version of Python.
- clones
-
RHEL-25457 python39/python3x-pip - require Python with tarfile filters [rhel-8]
- Closed
- links to
-
RHBA-2024:128156 python39/python3x-pip - bug fix update
- mentioned on