Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
55815194 by Salvatore Bonaccorso at 2023-08-23T22:43:46+02:00
Add python2.7 entries to some "new" python CVEs
This should facilitate tracking for python2.7 for the LTS suites.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -139,11 +139,15 @@ CVE-2022-48570 (Crypto++ through 8.4 contains a timing
side channel in ECDSA sig
CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in
Python thr ...)
- python3.9 3.9.0~b4-1
- python3.7 <removed>
+ - python2.7 <removed>
+ [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only
included to build a few applications)
NOTE:
https://github.com/python/cpython/commit/8183e11d87388e4e44e3242c42085b87a878f781
NOTE: https://github.com/python/cpython/issues/84968
CVE-2022-48565 (An XML External Entity (XXE) issue was discovered in Python
through 3. ...)
- python3.9 3.9.1~rc1-1
- python3.7 <removed>
+ - python2.7 <removed>
+ [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only
included to build a few applications)
NOTE: https://github.com/python/cpython/issues/86217
NOTE:
https://github.com/python/cpython/commit/05ee790f4d1cd8725a90b54268fc1dfe5b4d1fa2
(v3.10.0a2)
NOTE:
https://github.com/python/cpython/commit/479553c7c11306a09ce34edb6ef208133b7b95fe
(3.9)
@@ -151,6 +155,8 @@ CVE-2022-48565 (An XML External Entity (XXE) issue was
discovered in Python thro
CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable
to a po ...)
- python3.9 3.9.1~rc1-1
- python3.7 <removed>
+ - python2.7 <removed>
+ [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only
included to build a few applications)
NOTE: https://github.com/python/cpython/issues/86269
NOTE:
https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f
(v3.10.0a2)
NOTE:
https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a
(3.9)
@@ -158,6 +164,8 @@ CVE-2022-48564 (read_ints in plistlib.py in Python through
3.9.1 is vulnerable t
CVE-2022-48560 (A use-after-free exists in Python through 3.9 via heappushpop
in heapq ...)
- python3.9 <not-affected> (Fixed before initial upload to the archive)
- python3.7 <removed>
+ - python2.7 <removed>
+ [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only
included to build a few applications)
NOTE: https://github.com/python/cpython/issues/83602
NOTE:
https://github.com/python/cpython/commit/79f89e6e5a659846d1068e8b1bd8e491ccdef861
(v3.9.0a3)
NOTE:
https://github.com/python/cpython/commit/958064f8d2b84062b0582bbae911df8ccfc11fd6
(v3.7.7rc1)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/558151947e8e4678f26a54e283a9fe0ada754bc9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/558151947e8e4678f26a54e283a9fe0ada754bc9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
