Abhijith PA pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
13e7aaf2 by Abhijith PA at 2021-06-17T02:53:20+05:30
python-pip is vulnerable to CVE-2021-3572 in stretch. Git refs are
splitted in get_full_refs(). Minor issue. Can fix in next release
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2237,6 +2237,7 @@ CVE-2021-33792
CVE-2021-3572 [Don't split git references on unicode separators #9827]
RESERVED
- python-pip 20.3.4-2
+ [stretch] - python-pip <postponed> (Minor issue. Fix along with next
DLA)
NOTE: https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1926957
NOTE: https://github.com/pypa/pip/pull/9827
NOTE:
https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e
(21.1)
=====================================
data/dla-needed.txt
=====================================
@@ -77,8 +77,6 @@ openexr
--
python-babel (Abhijith PA)
--
-python-pip (Abhijith PA)
---
ruby-actionpack-page-caching (Markus Koschany)
NOTE: 20200819: Upstream's patch on does not apply due to subsequent
NOTE: 20200819: refactoring. However, a quick look at the private
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13e7aaf2e9b8a702d49cc535cc443870d023a3ef
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13e7aaf2e9b8a702d49cc535cc443870d023a3ef
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
