Merging upstream version 4.66.4:
- any optional non-boolean CLI arguments are passed through python's eval, allowing arbitrary code execution [CVE-2024-34062] (Closes: #1070372). Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
parent
cc4eb343db
commit
10170fb64c
GPG key ID:
FBB4F0E80A80222F
18 changed files with 64 additions and 52 deletions
|
|
@ -413,7 +413,7 @@
|
|||
" \"\"\"Provides a `total_time` format parameter\"\"\"\n",
|
||||
" @property\n",
|
||||
" def format_dict(self):\n",
|
||||
" d = super(TqdmExtraFormat, self).format_dict\n",
|
||||
" d = super().format_dict\n",
|
||||
" total_time = d[\"elapsed\"] * (d[\"total\"] or 0) / max(d[\"n\"], 1)\n",
|
||||
" d.update(total_time=self.format_interval(total_time) + \" in total\")\n",
|
||||
" return d\n",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue