SUSE-SU-2026:20928-1 Security update for python-black

This update for python-black fixes the following issues: - CVE-2026-31900: a malicious pyproject.toml edit can lead to arbitrary code execution bsc1259546. - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name bsc1259608...

OPENSUSE-SU-2026:20417-1 Security update for python-black

This update for python-black fixes the following issues: - CVE-2026-31900: a malicious pyproject.toml edit can lead to arbitrary code execution bsc1259546. - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name bsc1259608...

openSUSE 15 Security Update : python-black (SUSE-SU-2026:0900-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0900-1 advisory. This update for python-black fixes the following issue: - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name bsc1259608...

CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

Black: Arbitrary file writes from unsanitized user input in cache file name

Impact Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file...

CVE-2014-1402

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...