Overview
Request 1157613 accepted
- Update to 6.0.0 (bsc#1221331, CVE-2024-27758):
* #551 Resolves security issue that results in RCE. The fix breaks
backwards compatibility for those that rely on the __array__
attribute used by numpy. This RCE is only exploitable when the
server-side gets the attribute __array__ and calls it (e.g.,
np.array(x)). This issues effects all versions since major release
4.
Request History
dgarcia created request
- Update to 6.0.0 (bsc#1221331, CVE-2024-27758):
* #551 Resolves security issue that results in RCE. The fix breaks
backwards compatibility for those that rely on the __array__
attribute used by numpy. This RCE is only exploitable when the
server-side gets the attribute __array__ and calls it (e.g.,
np.array(x)). This issues effects all versions since major release
4.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
anag+factory added as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:88"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:adi:88"
dimstar accepted review
anag+factory accepted review
Staging Project openSUSE:Factory:Staging:adi:88 got accepted.
anag+factory approved review
Staging Project openSUSE:Factory:Staging:adi:88 got accepted.
anag+factory accepted request
Staging Project openSUSE:Factory:Staging:adi:88 got accepted.