Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8e00ad01 by Sylvain Beucler at 2023-05-23T13:31:48+02:00
CVE-2022-0391/python: buster ignored + clarifications
In particular my python3.5/stretch triage led Ubuntu to believe the regression
was specific to that version;
also dropping the stretch triage entirely so it can be re-triaged in ELTS
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -102023,11 +102023,12 @@ CVE-2022-0391 (A flaw was found in Python,
specifically within the urllib.parse
- python3.7 <removed>
[buster] - python3.7 <no-dsa> (Minor issue)
- python3.5 <removed>
- [stretch] - python3.5 <postponed> (Minor issue; regressions reports)
- python3.4 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only
included to build a few applications)
+ [buster] - python2.7 <ignored> (Minor issue, different approach to
sanitization; regressions reports)
NOTE: https://bugs.python.org/issue43882
+ NOTE: Regressions reported for django, boto-core and cloud-init
NOTE: Fixed by:
https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4
(v3.10.0b1)
NOTE: Followup for 3.10.x:
https://github.com/python/cpython/commit/24f1d1a8a2c4aa58a606b4b6d5fa4305a3b91705
(v3.10.0b2)
NOTE: Fixed by:
https://github.com/python/cpython/commit/491fde0161d5e527eeff8586dd3972d7d3a631a7
(v3.9.5)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e00ad01a540b69b706b83fb84b83f912df0f4f7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e00ad01a540b69b706b83fb84b83f912df0f4f7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
