Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68ecea4f by Sylvain Beucler at 2023-04-15T12:28:56+02:00
python2.7: associate past python3.x CVEs to python2.7 (2)
Follow-up to fb0c9868f5bb6a7c5457f397cdfb603d629ef0c3
Compare with python3.7/buster in addition to python3.9/bullseye.
CVE-2020-14422 also affects the py2 backport in python-ipaddress.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -220201,6 +220201,8 @@ CVE-2020-14422 (Lib/ipaddress.py in Python through 
3.8.3 improperly computes has
        - python3.5 <removed>
        - python3.4 <removed>
        [jessie] - python3.4 <postponed> (Minor issue, DoS with constraints)
+       - python2.7 <not-affected> (ipaddress module introduced in 3.3)
+       - python-ipaddress <removed>
        NOTE: https://bugs.python.org/issue41004
        NOTE: https://github.com/python/cpython/pull/20956
        NOTE: https://github.com/python/cpython/pull/21033
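Review bot: the added `- python-ipaddress <removed>` line carries no reason or NOTE, while the commit message says the py2 backport in python-ipaddress is affected and every NOTE in this entry points at cpython. Add a NOTE stating that the backport carries the same Lib/ipaddress.py code, so the association can be checked from the entry itself. Since the commit message mentions comparing against buster, also confirm whether a release-tagged line is needed for python-ipaddress.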
@@ -237714,6 +237716,7 @@ CVE-2020-8428 (fs/namei.c in the Linux kernel before 
5.5 has a may_create_in_sti
 CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 
3.8 thr ...)
        - python3.8 <not-affected> (Windows-specific)
        - python3.7 <not-affected> (Windows-specific)
+       - python2.7 <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.python.org/issue39401
 CVE-2020-8314
        RESERVED
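Review bot: on the added python2.7 line for CVE-2020-8315, the reason "Vulnerable code not present" differs from the "Windows-specific" reason on the python3.8 and python3.7 lines directly above, and it does not say which code is missing. If the point is that the affected code path never existed in 2.7, name it briefly, as the CVE-2018-1000117 line in this same commit does; otherwise reuse "Windows-specific" for consistency.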
@@ -306531,6 +306534,7 @@ CVE-2018-20406 (Modules/_pickle.c in Python before 
3.7.1 has an integer overflow
        - python3.6 3.6.7~rc1-1 (unimportant)
        - python3.5 <removed> (unimportant)
        - python3.4 <removed> (unimportant)
+       - python2.7 <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.python.org/issue34656
        NOTE: 
https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd
 (master)
        NOTE: 
https://github.com/python/cpython/commit/ef4306b24c9034d6b37bb034e2ebe82e745d4b77
 (3.7)
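Review bot: the added python2.7 line gives "Vulnerable code not present", but the description names Modules/_pickle.c and the entry does not say whether this means the file is absent in 2.7 or that the 2.7 pickle implementation was checked for the same integer overflow. A NOTE stating what was compared would make the status verifiable. The sibling python3.x lines are tagged (unimportant), so it is also worth recording why 2.7 gets `<not-affected>` rather than the same severity tag.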
@@ -347810,6 +347814,7 @@ CVE-2018-1000117 (Python Software Foundation CPython 
version From 3.2 until 3.6.
        - python3.6 <not-affected> (Windows-specific)
        - python3.5 <not-affected> (Windows-specific)
        - python3.4 <not-affected> (Windows-specific)
+       - python2.7 <not-affected> (os.symlink for Windows introduced in 3.2)
        NOTE: 
http://hg.python.org/lookup/6921e73e33edc3c61bc2d78ed558eaa22a89a564
        NOTE: https://bugs.python.org/issue33001
 CVE-2018-7740 (The resv_map_release function in mm/hugetlb.c in the Linux 
kernel thro ...)
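Review bot: the reason on the added python2.7 line for CVE-2018-1000117 is version-based ("os.symlink for Windows introduced in 3.2"), while the three python3.x lines above use "Windows-specific". The more specific reason is useful and matches the "From 3.2" range in the description; consider keeping both, for example "Windows-specific, os.symlink for Windows introduced in 3.2", so a search for the platform reason still finds this line.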



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68ecea4f31a73751abc16aa4d4af9492499eb939



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits