Описание
ELSA-2025-38828: python-zipp security update (MODERATE)
[3.20.1-2]
- Make package buildable for epel>=9
[3.20.1-1]
- Update to 3.20.1 (rhbz#2307990)
[3.20.0-1]
- Update to 3.20.0 (rhbz#2304028)
[3.19.2-3]
[3.19.2-2]
- Rebuilt for Python 3.13
[3.19.2-1]
- Update to 3.19.2 (rhbz#2290429)
[3.19.1-1]
- Update to 3.19.1 (rhbz#2284137)
[3.19.0-1]
- Update to 3.19.0 (rhbz#2283322)
[3.18.1-1]
- Update to 3.18.1 (rhbz#2269634)
[3.18.0-1]
- Update to 3.18.0 (rhbz#2269300)
[3.17.0-3]
[3.17.0-2]
[3.17.0-1]
- Update to 3.17.0 (rhbz#2239492)
[3.16.2-2]
[3.16.2-1]
- Update to 3.16.2 (rhbz#2221413), SPDX license
[3.15.0-2]
- Rebuilt for Python 3.12
[3.15.0-1]
- Update to 3.15.0 (rhbz#2173260)
[3.14.0-1]
- Update to 3.14.0 (rhbz#2171124)
[3.13.0-1]
- Update to 3.13.0 (rhbz#2168671)
[3.12.1-1]
- Update to 3.12.1 (rhbz#2167196)
[3.12.0-1]
- Update to 3.12.0 (rhbz#2165156)
[3.11.0-2]
[3.11.0-1]
- Update to 3.11.0 (rhbz#2148541)
[3.10.0-1]
- Update to 3.10.0 Resolves: rhbz#2137172
[3.9.1-1]
- Update to 3.9.1 Resolves: rhbz#2137172
[3.9.0-1]
- Update to 3.9.0 Resolves: rhbz#2133213
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
python3-zipp
3.20.1-2.el9
Oracle Linux x86_64
python3-zipp
3.20.1-2.el9
Связанные CVE
Связанные уязвимости
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp libr ...