@@ -2798,25 +2798,25 @@ os.path
27982798 :data: `os.path.ALLOW_MISSING `.
27992799 If used, errors other than :exc: `FileNotFoundError ` will be re-raised;
28002800 the resulting path can be missing but it will be free of symlinks.
2801- (Contributed by Petr Viktorin for :cve: ` 2025-4517 ` .)
2801+ (Contributed by Petr Viktorin for CVE 2025-4517.)
28022802
28032803tarfile
28042804-------
28052805
28062806* :func: `~tarfile.data_filter ` now normalizes symbolic link targets in order to
28072807 avoid path traversal attacks.
2808- (Contributed by Petr Viktorin in :gh: `127987 ` and :cve: ` 2025-4138 ` .)
2808+ (Contributed by Petr Viktorin in :gh: `127987 ` and CVE 2025-4138.)
28092809* :func: `~tarfile.TarFile.extractall ` now skips fixing up directory attributes
28102810 when a directory was removed or replaced by another kind of file.
2811- (Contributed by Petr Viktorin in :gh: `127987 ` and :cve: ` 2024-12718 ` .)
2811+ (Contributed by Petr Viktorin in :gh: `127987 ` and CVE 2024-12718.)
28122812* :func: `~tarfile.TarFile.extract ` and :func: `~tarfile.TarFile.extractall `
28132813 now (re-)apply the extraction filter when substituting a link (hard or
28142814 symbolic) with a copy of another archive member, and when fixing up
28152815 directory attributes.
28162816 The former raises a new exception, :exc: `~tarfile.LinkFallbackError `.
2817- (Contributed by Petr Viktorin for :cve: ` 2025-4330 ` and :cve: ` 2024-12718 ` .)
2817+ (Contributed by Petr Viktorin for CVE 2025-4330 and CVE 2024-12718.)
28182818* :func: `~tarfile.TarFile.extract ` and :func: `~tarfile.TarFile.extractall `
28192819 no longer extract rejected members when
28202820 :func: `~tarfile.TarFile.errorlevel ` is zero.
28212821 (Contributed by Matt Prodani and Petr Viktorin in :gh: `112887 `
2822- and :cve: ` 2025-4435 ` .)
2822+ and CVE 2025-4435.)
0 commit comments