Commit e278bc0
committed
Release v1.1.3: Multiple security fixes
- CVE-2026-23879: Arbitrary File Write Vulnerability in py7zr (high severity)
- CVE-2026-55206: O(n^2) algorithmic complexity DoS in PackInfo._read() in py7zr
- CVE-2026-55195: py7zr <= 1.1.2: Decompression bomb (zip bomb) denial of service via unchecked extraction size1 parent e4a225b commit e278bc0
1 file changed
Lines changed: 5 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
12 | 15 | | |
13 | 16 | | |
14 | 17 | | |
| |||
224 | 227 | | |
225 | 228 | | |
226 | 229 | | |
227 | | - | |
| 230 | + | |
| 231 | + | |
228 | 232 | | |
229 | 233 | | |
230 | 234 | | |
| |||
0 commit comments