[3.9] bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) (GH-21482)

Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). (cherry picked from commit 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4) Co-authored-by: Rishi <rishi_devan@mail.com> Automerge-Triggered-By: @encukou
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2020-07-15 12:30:33 (GMT)
committer: GitHub <noreply@github.com> 2020-07-15 12:30:33 (GMT)
commit: f3232294ee695492f43d424cc6969d018d49861d (patch)
tree: bc2a7128a5a8f258eb926ec785aa04caf367050d /Misc/NEWS.d/next
parent: 805874a9f1c3840bd4f61f9b6a7a7eebae7bae8e (diff)
download: cpython-f3232294ee695492f43d424cc6969d018d49861d.zip
cpython-f3232294ee695492f43d424cc6969d018d49861d.tar.gz
cpython-f3232294ee695492f43d424cc6969d018d49861d.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
new file mode 100644
index 0000000..ad26676
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
@@ -0,0 +1 @@
+Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2020-07-15 12:30:33 (GMT)
committer	GitHub <noreply@github.com>	2020-07-15 12:30:33 (GMT)
commit	f3232294ee695492f43d424cc6969d018d49861d (patch)
tree	bc2a7128a5a8f258eb926ec785aa04caf367050d /Misc/NEWS.d/next
parent	805874a9f1c3840bd4f61f9b6a7a7eebae7bae8e (diff)
download	cpython-f3232294ee695492f43d424cc6969d018d49861d.zip cpython-f3232294ee695492f43d424cc6969d018d49861d.tar.gz cpython-f3232294ee695492f43d424cc6969d018d49861d.tar.bz2