Source: python3.11 Version: 3.11.2-6+deb12u3 Severity: important Forwarded: https://github.com/python/cpython/issues/123270 X-Debbugs-Cc: [email protected]
Dear security team, python3.11 3.11.2-6+deb12u3 and especifically the CVE-2024-8088 introduced a regression in zipfile.Path. This has been reported upstream at: https://github.com/python/cpython/issues/123270. I have confirmed the change in behaviour described at: https://github.com/python/cpython/issues/123270#issuecomment-2307711914 between 3.11.2-6+deb12u2 and 3.11.2-6+deb12u3. Cheers, -- System Information: Debian Release: 12.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-security'), (500, 'stable'), (500, 'oldstable'), (1, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-23-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- no debconf information
signature.asc
Description: PGP signature
