Releases retrieved: 3.20.1
Upstream release that is considered latest: 3.20.1
Current version/release in rawhide: 3.20.0-1.fc41
URL: https://pypi.org/project/zipp/1.0.0

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/

More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring

Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.

Based on the information from Anitya: https://release-monitoring.org/project/63514/

To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-zipp

I believe this fixes CVE-2024-8088 as this is the official backport of the standard library zipfile.Path object.

https://github.com/jaraco/zipp/pull/120

(In reply to Miro Hrončok from comment #1)
> I believe this fixes CVE-2024-8088 as this is the official backport of the
> standard library zipfile.Path object.
>
> https://github.com/jaraco/zipp/pull/120

Oh, this is part of 3.19.1. This means some Fedora versions are still vulnerable, but the fix is irrelevant to this upgrade bugzilla.

FEDORA-2024-67528c51d8 (python-zipp-3.20.1-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2024-67528c51d8
FEDORA-2024-67528c51d8 (python-zipp-3.20.1-1.fc42) has been pushed to the Fedora 42 stable repository.
If the problem still persists, please make note of it in this bug report.