Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-25459

python39/python3x-pip - require Python with tarfile filters [rhel-8.9.0.z]

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-8.9.0.z
    • rhel-8.6.0.z, rhel-8.8.0.z, rhel-8.9.0.z, rhel-8.10
    • python3x-pip
    • None
    • rhel-sst-pt-python-ruby-nodejs
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None

      The fix for CVE-2007-4559 has been implemented in pip and Python so that pip requires Python to provide tarfile filters. Unfortunately, this requirement is not present on RPM level; therefore, it's possible to install the fixed version of pip with a vulnerable version of Python.

              python-maint python-maint
              lbalhar@redhat.com Lumir Balhar
              Tomáš Hrnčiar Tomáš Hrnčiar
              Lukas Zachar Lukas Zachar
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: