@@ -2406,25 +2406,25 @@ os.path
24062406 :data:`os.path.ALLOW_MISSING ` .
24072407 If used, errors other than :exc:`FileNotFoundError ` will be re- raised;
24082408 the resulting path can be missing but it will be free of symlinks.
2409- (Contributed by Petr Viktorin for :cve: ` 2025 - 4517 `
2409+ (Contributed by Petr Viktorin for CVE 2025 - 4517 .)
24102410
24112411tarfile
24122412------ -
24132413
24142414* :func:`~ tarfile.data_filter` now normalizes symbolic link targets in order to
24152415 avoid path traversal attacks.
2416- (Contributed by Petr Viktorin in :gh:`127987 ` and :cve: ` 2025 - 4138 `
2416+ (Contributed by Petr Viktorin in :gh:`127987 ` and CVE 2025 - 4138 .)
24172417* :func:`~ tarfile.TarFile.extractall` now skips fixing up directory attributes
24182418 when a directory was removed or replaced by another kind of file .
2419- (Contributed by Petr Viktorin in :gh:`127987 ` and :cve: ` 2024 - 12718 `
2419+ (Contributed by Petr Viktorin in :gh:`127987 ` and CVE 2024 - 12718 .)
24202420* :func:`~ tarfile.TarFile.extract` and :func:`~ tarfile.TarFile.extractall`
24212421 now (re- )apply the extraction filter when substituting a link (hard or
24222422 symbolic) with a copy of another archive member, and when fixing up
24232423 directory attributes.
24242424 The former raises a new exception, :exc:`~ tarfile.LinkFallbackError` .
2425- (Contributed by Petr Viktorin for :cve: ` 2025 - 4330 ` and :cve: ` 2024 - 12718 `
2425+ (Contributed by Petr Viktorin for CVE 2025 - 4330 and CVE 2024 - 12718 .)
24262426* :func:`~ tarfile.TarFile.extract` and :func:`~ tarfile.TarFile.extractall`
24272427 no longer extract rejected members when
24282428 :func:`~ tarfile.TarFile.errorlevel` is zero.
24292429 (Contributed by Matt Prodani and Petr Viktorin in :gh:`112887 `
2430- and :cve: ` 2025 - 4435 `
2430+ and CVE 2025 - 4435 .)
0 commit comments