Bug 55417

Summary: CVE-2025-47273 in python3-module-setuptools
Product: Branch p11
Reporter: radiatedmonday
Component: python3-module-setuptools
Assignee: Stanislav Levin <slev>
Status: CLOSED FIXED
QA Contact: qa-p11 <qa-p11>
Severity: blocker
Priority: P5
CC: amakeenk
Version: unspecified
Hardware: x86_64
OS: Linux

Description radiatedmonday 2025-07-30 11:06:04 MSK
A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
Comment 1 Alexander Makeenkov 2025-07-30 11:06:53 MSK
https://packages.altlinux.org/ru/tasks/384856/
Comment 2 Stanislav Levin 2025-07-31 09:50:18 MSK
python3-module-setuptools 80.7.1-alt1 in P11.