summaryrefslogtreecommitdiff
path: root/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
diff options
context:
space:
mode:
Diffstat (limited to 'bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch')
-rw-r--r--bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch17
1 files changed, 17 insertions, 0 deletions
diff --git a/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch b/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
new file mode 100644
index 0000000..97707a5
--- /dev/null
+++ b/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
@@ -0,0 +1,17 @@
+--- a/kubevirt/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100
++++ b/kubevirt/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200
+@@ -21,7 +21,12 @@
+ try:
+ with TarFile.open(filename) as tf:
+ for name in zonegroups:
+- tf.extract(name, tmpdir)
++ if hasattr(tarfile, 'data_filter'):
++ # Python with CVE-2007-4559 mitigation (PEP 706)
++ tf.extract(name, tmpdir, filter='data')
++ else:
++ # Fallback to a possibly dangerous extraction (before PEP 706)
++ tf.extract(name, tmpdir)
+ filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
+
+ _run_zic(zonedir, filepaths)
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-20 12:10:21 +0000