Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-Mako for openSUSE:Factory checked in at 2026-04-25 21:35:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Mako (Old)
 and      /work/SRC/openSUSE:Factory/.python-Mako.new.11940 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Mako" Sat Apr 25 21:35:25 2026 rev:62 rq:1349104 version:1.3.11 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Mako/python-Mako.changes 2025-06-10 08:57:25.507918077 +0200 +++ /work/SRC/openSUSE:Factory/.python-Mako.new.11940/python-Mako.changes 2026-04-25 21:35:36.625474335 +0200 @@ -1,0 +2,12 @@ +Thu Apr 23 14:36:37 UTC 2026 - John Paul Adrian Glaubitz <[email protected]> + +- Update to 1.3.11 + * Fixed issue in TemplateLookup where a URI with a double-slash + prefix (e.g. //../../) could bypass the directory traversal + check in Template, allowing reads of arbitrary files outside + of the template directory. The issue was caused by an + inconsistency in how leading slashes were stripped between + TemplateLookup.get_template() and Template initialization. + (bsc#1262716, CVE-2026-41205) + +------------------------------------------------------------------- Old: ---- mako-1.3.10.tar.gz New: ---- mako-1.3.11.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Mako.spec ++++++ --- /var/tmp/diff_new_pack.KbtiRz/_old 2026-04-25 21:35:38.173537327 +0200 +++ /var/tmp/diff_new_pack.KbtiRz/_new 2026-04-25 21:35:38.189537979 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-Mako # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ %{?sle15_python_module_pythons} Name: python-Mako -Version: 1.3.10 +Version: 1.3.11 Release: 0 Summary: A Python templating language License: MIT ++++++ mako-1.3.10.tar.gz -> mako-1.3.11.tar.gz ++++++ ++++ 4941 lines of diff (skipped)
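Review bot: The python-Mako.changes entry (@@ -1,0 +2,12 @@) is the only description of the CVE-2026-41205 fix visible in this message, because the mako-1.3.10.tar.gz -> mako-1.3.11.tar.gz diff is skipped (4941 lines). Before accepting, check the 1.3.11 sources to confirm that TemplateLookup.get_template() and Template initialization now strip leading slashes the same way. Consider also confirming that the tests run at build time include a double-slash URI such as //../../, so that a regression in the traversal check fails the build.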
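Review bot: In python-Mako.spec (@@ -1,7 +1,7 @@) the copyright line changes from "SUSE LLC" to "SUSE LLC and contributors" together with the year bump, and the .changes entry does not mention it. If this comes from automatic spec formatting it is fine as is; otherwise record it in the changelog so that the security update contains only changes that are accounted for.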
