PublicArchive/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-05-06 04:37:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

[3.11] gh-145506: Fixes CVE-2026-2297 by ensuring SourcelessFileLoader uses io.open_code (GH-145507) (#145515)

Browse Source 
* gh-145506: Fixes CVE-2026-2297 by ensuring SourcelessFileLoader uses io.open_code (GH-145507)
(cherry picked from commit a51b1b512d)

Co-authored-by: Steve Dower <steve.dower@python.org>

* Fix docs reference

---------

Co-authored-by: Steve Dower <steve.dower@python.org>
This commit is contained in:
Miss Islington (bot)
2026-04-30 23:18:42 +02:00
committed by GitHub
parent e20c6c9667
commit 69ddd9bb2c
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Lib/importlib/_bootstrap_external.py
+1 -1
View File
@@ -1126,7 +1126,7 @@ class FileLoader:
def get_data(self, path):
"""Return the data from path as raw bytes."""
if isinstance(self, (SourceLoader, ExtensionFileLoader)):
if isinstance(self, (SourceLoader, SourcelessFileLoader, ExtensionFileLoader)):
with _io.open_code(str(path)) as file:
return file.read()
else:
Misc/NEWS.d/next/Security/2026-03-04-18-59-17.gh-issue-145506.6hwvEh.rst
+2
View File
@@ -0,0 +1,2 @@
Fixes CVE-2026-2297 by ensuring that ``SourcelessFileLoader`` uses
:func:`io.open_code` when opening ``.pyc`` files.