3 matches found
SUSE-SU-2026:22300-1 Security update for python-pip
This update for python-pip fixes the following issue - CVE-2026-8643: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite bsc1266669...
OPENSUSE-SU-2026:20993-1 Security update for python-pip
This update for python-pip fixes the following issue - CVE-2026-8643: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite bsc1266669...
PT-2026-45490
Summary EntryPoint::FromStr in rattler conda types performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...