Bugs fixes in "python3.12"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2025-6075 | If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. | 2025-11-25 |
| CVE | CVE-2025-8291 | The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locat | 2025-11-25 |
| CVE | CVE-2025-6075 | If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. | 2025-11-24 |
| CVE | CVE-2025-8291 | The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locat | 2025-11-24 |
| CVE | CVE-2025-6075 | If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. | 2025-11-24 |
| CVE | CVE-2025-8291 | The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locat | 2025-11-24 |
| CVE | CVE-2025-6075 | If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. | 2025-11-24 |
| CVE | CVE-2025-8291 | The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locat | 2025-11-24 |
| CVE | CVE-2025-8194 | There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process | 2025-08-22 |
| CVE | CVE-2025-6069 | The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplifie | 2025-08-22 |
| CVE | CVE-2025-8194 | There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process | 2025-08-22 |
| CVE | CVE-2025-6069 | The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplifie | 2025-08-22 |
| CVE | CVE-2025-8194 | There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process | 2025-08-22 |
| CVE | CVE-2025-6069 | The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplifie | 2025-08-22 |
| CVE | CVE-2025-8194 | There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process | 2025-08-22 |
| CVE | CVE-2025-6069 | The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplifie | 2025-08-22 |
| CVE | CVE-2025-4517 | Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if | 2025-06-19 |
| CVE | CVE-2025-4435 | When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extrac | 2025-06-19 |
| CVE | CVE-2025-4330 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | 2025-06-19 |
| CVE | CVE-2025-4138 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | 2025-06-19 |
About
-
Send Feedback to @ubuntu_updates
