Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
60d63597000dc5e91d7775176d9debc585ed107e
rpi-buildroot/package/python3/python3.hash
Titouan Christophe 5c96f8d7f8 package/python3: security bump to v3.12.11 
This fixes the following CVEs affecting tarfile extraction filters:

- CVE-2024-12718:
    Bypass extraction filter to modify file metadata outside
    extraction directory

- CVE-2025-4138:
    Bypassing extraction filter to create symlinks to arbitrary targets
    outside extraction directory

- CVE-2025-4330:
    Extraction filter bypass for linking outside extraction directory

- CVE-2025-4435:
    Tarfile extracts filtered members when errorlevel=0

- CVE-2025-4517:
    Arbitrary writes via tarfile realpath overflow

See https://www.python.org/downloads/release/python-31211/

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
2025-06-24 20:52:51 +02:00

6 lines
320 B
Plaintext
Raw Blame History

# From https://www.python.org/downloads/release/python-31211/
md5 9613d56b90d0d0cfd19980c7e2956a06 Python-3.12.11.tar.xz
# Locally computed
sha256 c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb Python-3.12.11.tar.xz
sha256 3b2f81fe21d181c499c59a256c8e1968455d6689d269aa85373bfb6af41da3bf LICENSE
Reference in New Issue View Git Blame Copy Permalink