Skip to content

Commit fcefa72

Browse files
sethmlarsonsethmlarson
committed
Add blurb
1 parent 335921b commit fcefa72

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

Misc/NEWS.d/next/Security/2025-06-02-11-32-23.gh-issue-135034.RLGjbp.rst

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
cat Misc/NEWS.d/next/Security/2025-06-02-11-32-23.gh-issue-135034.RLGjbp.rst
2+
Fixes multiple issues that allowed ``tarfile`` extraction filters
3+
(``filter="data"`` and ``filter="tar"``) to be bypassed using crafted
4+
symlinks and hard links.
5+
6+
Addresses :cve:`2024-12718`, :cve:`2025-4138`, :cve:`2025-4330`, and :cve:`2025-4517`.
7+

0 commit comments

Comments
 (0)