Bug 55417 - CVE-2025-47273 in python3-module-setuptools
Summary: CVE-2025-47273 in python3-module-setuptools
Status: CLOSED FIXED
Alias: None
Product: Branch p11
Classification: Unclassified
Component: python3-module-setuptools
Version: unspecified
Hardware: x86_64 Linux
Importance: P5 blocker
Assignee: Stanislav Levin
QA Contact: qa-p11@altlinux.org
Reported: 2025-07-30 11:06 MSK by radiatedmonday
Modified: 2025-07-31 09:50 MSK
Description radiatedmonday 2025-07-30 11:06:04 MSK
A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
Comment 1 Alexander Makeenkov 2025-07-30 11:06:53 MSK
https://packages.altlinux.org/ru/tasks/384856/
Comment 2 Stanislav Levin 2025-07-31 09:50:18 MSK
python3-module-setuptools 80.7.1-alt1 in P11.