On Sat, 31 Aug 2024 22:33:29 -0300 Santiago Ruano =?iso-8859-1?Q?Rinc=F3n?=
<santiag...@riseup.net> wrote:
> Source: python3.11
> Version: 3.11.2-6+deb12u3
> Severity: important
> Forwarded: https://github.com/python/cpython/issues/123270
> X-Debbugs-Cc: t...@security.debian.org
>
> Dear security team,
>
> python3.11 3.11.2-6+deb12u3 and especifically the CVE-2024-8088 introduced a
> regression in zipfile.Path. This has been reported upstream at:
> https://github.com/python/cpython/issues/123270.
>
> I have confirmed the change in behaviour described at:
> https://github.com/python/cpython/issues/123270#issuecomment-2307711914
> between 3.11.2-6+deb12u2 and 3.11.2-6+deb12u3.
>
> Cheers,
>
> -- System Information:
> Debian Release: 12.6
> APT prefers stable-updates
> APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
> 'oldstable-security'), (500, 'stable'), (500, 'oldstable'), (1, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 6.1.0-23-amd64 (SMP w/16 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_WARN
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_US:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> -- no debconf information
