tags 1136204 help thanks On Sun, May 10, 2026 at 08:09:57PM +0200, Salvatore Bonaccorso wrote:
> For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2024-44825 > https://www.cve.org/CVERecord?id=CVE-2024-44825 > [1] > https://github.com/invesalius/invesalius3/commit/8b966260b3d9510e3ddc473aac4cc6578bab3aab For the record: The patch that needs to be applied does not apply cleanly over the current version: Importing patch 8b966260b3d9510e3ddc473aac4cc6578bab3aab.patch Applying patch 8b966260b3d9510e3ddc473aac4cc6578bab3aab.patch patching file .gitignore patching file invesalius/project.py Hunk #1 FAILED at 31. Hunk #2 succeeded at 481 with fuzz 1 (offset -20 lines). Hunk #3 FAILED at 512. Hunk #4 FAILED at 537. 3 out of 4 hunks FAILED -- rejects in file invesalius/project.py Patch 8b966260b3d9510e3ddc473aac4cc6578bab3aab.patch does not apply (enforce with -f) Patch 8b966260b3d9510e3ddc473aac4cc6578bab3aab.patch is not applied In particular, the patch tries to modify this: - tar_filter = getattr(tarfile, "tar_filter", None) # For python < 3.12 + tar_filter = getattr(tarfile, "tar_filter", None) but the Debian package in unstable does not have such line yet, so we would need a yet-to-see amount of patches before [8b96626] for this to work. I'm tagging this as "help" and Cc:ing Thiago (who created the package) in the hope that he (or somebody else) can care about this. Thanks.
