X Tutup
Skip to content

[3.11] gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027)#137172

Merged
pablogsal merged 1 commit intopython:3.11from
miss-islington:backport-7040aa5-3.11
Aug 19, 2025
Merged

[3.11] gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027)#137172
pablogsal merged 1 commit intopython:3.11from
miss-islington:backport-7040aa5-3.11

Conversation

@miss-islington
Copy link
Contributor

@miss-islington miss-islington commented Jul 28, 2025
edited by bedevere-app bot
Loading

(cherry picked from commit 7040aa5)

Co-authored-by: Alexander Urieles aeurielesn@users.noreply.github.com
Co-authored-by: Gregory P. Smith greg@krypto.org

@aeurielesn @gpshead @miss-islington
pythongh-130577: tarfile now validates archives to ensure member offs…
cb35195 
…ets are non-negative (pythonGH-137027)

(cherry picked from commit 7040aa5)

Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
This was referenced Jul 28, 2025
Closed
Merged
@gpshead gpshead assigned Yhg1s and pablogsal and unassigned Yhg1s Jul 28, 2025
@vEpiphyte vEpiphyte mentioned this pull request Jul 29, 2025
Merged
@Kevin-Molina
Copy link

Kevin-Molina commented Aug 19, 2025
edited
Loading

Howdy! Wondering if there's any ETA on this high CVE fix getting rolled out? Thank you!

CC: @pablogsal

@pablogsal pablogsal merged commit b4ec174 into python:3.11 Aug 19, 2025
27 checks passed
@pablogsal
Copy link
Member

pablogsal commented Aug 19, 2025
edited
Loading

Howdy! Wondering if there's any ETA on this high CVE fix getting rolled out? Thank you!

We can coordinate a release with the rest of the RM team. Will check with them soon

@Kevin-Molina
Copy link

Kevin-Molina commented Aug 25, 2025

Howdy! Wondering if there's any ETA on this high CVE fix getting rolled out? Thank you!

We can coordinate a release with the rest of the RM team. Will check with them soon

Happy Monday! Any luck on the 3.11 release for this CVE @pablogsal? 🙇

@pablogsal
Copy link
Member

pablogsal commented Aug 25, 2025

Howdy! Wondering if there's any ETA on this high CVE fix getting rolled out? Thank you!

We can coordinate a release with the rest of the RM team. Will check with them soon

Happy Monday! Any luck on the 3.11 release for this CVE @pablogsal? 🙇

We will probably coordinate to do a release of all supported versions around or after the core dev sprint (mid September) but still not confirmed. CC @ambv @Yhg1s

@vishal-chdhry vishal-chdhry mentioned this pull request Aug 29, 2025
Merged
@jgauth
Copy link

jgauth commented Sep 25, 2025

Hey @pablogsal, as we are nearing the end of September I wanted to check if you have an idea of when we might get the next 3.11 release. Thanks!

@miss-islington miss-islington deleted the backport-7040aa5-3.11 branch January 2, 2026 17:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ethanfurman ethanfurman ethanfurman approved these changes

Assignees

@pablogsal pablogsal

Labels

release-blocker type-security A security issue

Projects

Release and Deferred blockers 🚫
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@miss-islington @Kevin-Molina @pablogsal @jgauth @ethanfurman @gpshead @Yhg1s @aeurielesn
X Tutup