Hello community,

here is the log from the commit of package python-py7zr for openSUSE:Factory 
checked in at 2026-06-23 17:41:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-py7zr (Old)
 and      /work/SRC/openSUSE:Factory/.python-py7zr.new.1956 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-py7zr"

Tue Jun 23 17:41:38 2026 rev:12 rq:1361284 version:1.1.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-py7zr/python-py7zr.changes        
2026-02-19 14:22:24.108286484 +0100
+++ /work/SRC/openSUSE:Factory/.python-py7zr.new.1956/python-py7zr.changes      
2026-06-23 17:44:38.682202417 +0200
@@ -1,0 +2,17 @@
+Mon Jun 22 10:04:43 UTC 2026 - Nico Krapp <[email protected]>
+
+- Update to 1.1.3 (fixes CVE-2026-23879 (bsc#1268669),
+  CVE-2026-55195 (bsc#1268665), CVE-2026-55206 (bsc#1268666))
+  * CVE-2026-23879: Arbitrary File Write Vulnerability in py7zr (high severity)
+    - Harden check of path traversal and enhance test cases to reproduce many
+      attack scenarios.
+  * CVE-2026-55206: O(n^2) algorithmic complexity DoS in PackInfo._read() in
+    py7zr
+    - Enforced variation of the parameter with a limit and optimized
+      calculation algorithm to prevent excessive CPU consumption.
+  * CVE-2026-55195: py7zr <= 1.1.2: Decompression bomb (zip bomb) denial of
+    service via unchecked extraction size 
+    - Added check of extraction size and introduced max_extract_size as
+      constructor parameter to guard against excessive decompression.
+
+-------------------------------------------------------------------
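
Review bot: The entry moves from 1.1.0 (the Old tarball) straight to 1.1.3 but lists only the three CVE fixes, so whatever else changed in the releases in between (the CVE-2026-55195 line itself mentions 1.1.2) is unrecorded; add a line summarizing those changes or stating that there were none beyond the security fixes. The max_extract_size bullet should also say whether a limit is enforced by default or only when the caller passes the parameter, since that decides whether packages depending on py7zr are protected against the decompression bomb without code changes. The line "service via unchecked extraction size " carries trailing whitespace.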

Old:
----
  py7zr-1.1.0.tar.gz

New:
----
  py7zr-1.1.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-py7zr.spec ++++++
--- /var/tmp/diff_new_pack.PXdQYs/_old  2026-06-23 17:44:40.894279505 +0200
+++ /var/tmp/diff_new_pack.PXdQYs/_new  2026-06-23 17:44:40.906279924 +0200
@@ -26,7 +26,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-py7zr%{psuffix}
-Version:        1.1.0
+Version:        1.1.3
 Release:        0
 Summary:        Library and utility to support 7zip
 License:        LGPL-2.1-or-later
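
Review bot: Version is the only field changed in the spec even though the source jumps from 1.1.0 to 1.1.3; confirm that upstream's dependency requirements did not change in between, and that the package's test step runs the new path traversal test cases the changelog mentions, so a regression in the CVE-2026-23879 fix fails the build.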

++++++ py7zr-1.1.0.tar.gz -> py7zr-1.1.3.tar.gz ++++++
/work/SRC/openSUSE:Factory/python-py7zr/py7zr-1.1.0.tar.gz 
/work/SRC/openSUSE:Factory/.python-py7zr.new.1956/py7zr-1.1.3.tar.gz differ: 
char 13, line 1
