Bugs fixes in "python3.12"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2025-4330 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | 2025-06-19 |
| CVE | CVE-2025-4138 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | 2025-06-19 |
| CVE | CVE-2024-12718 | Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extrac | 2025-06-19 |
| CVE | CVE-2025-4517 | Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if | 2025-06-19 |
| CVE | CVE-2025-4435 | When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extrac | 2025-06-19 |
| CVE | CVE-2025-4330 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | 2025-06-19 |
| CVE | CVE-2025-4138 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | 2025-06-19 |
| CVE | CVE-2024-12718 | Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extrac | 2025-06-19 |
| CVE | CVE-2025-4516 | There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding | 2025-06-17 |
| CVE | CVE-2025-1795 | During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is a | 2025-06-17 |
| CVE | CVE-2025-4516 | There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding | 2025-06-16 |
| CVE | CVE-2025-1795 | During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is a | 2025-06-16 |
| CVE | CVE-2025-4516 | There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding | 2025-06-16 |
| CVE | CVE-2025-1795 | During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is a | 2025-06-16 |
| CVE | CVE-2025-4516 | There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding | 2025-06-16 |
| CVE | CVE-2025-1795 | During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is a | 2025-06-16 |
| CVE | CVE-2025-0938 | The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid ac | 2025-02-21 |
| CVE | CVE-2025-0938 | The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid ac | 2025-02-21 |
| CVE | CVE-2025-0938 | The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid ac | 2025-02-20 |
| CVE | CVE-2025-0938 | The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid ac | 2025-02-20 |
About
-
Send Feedback to @ubuntu_updates
