[Git][security-tracker-team/security-tracker][master] Add some additional reference for CVE-2022-4856{4,5}

Thu, 24 Aug 2023 21:24:24 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54a44ecd by Salvatore Bonaccorso at 2023-08-25T06:23:28+02:00
Add some additional reference for CVE-2022-4856{4,5}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -338,19 +338,25 @@ CVE-2022-48565 (An XML External Entity (XXE) issue was 
discovered in Python thro
        - python3.7 <removed>
        - python2.7 <removed>
        [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only 
included to build a few applications)
+       NOTE: https://bugs.python.org/issue42051
        NOTE: https://github.com/python/cpython/issues/86217
        NOTE: 
https://github.com/python/cpython/commit/05ee790f4d1cd8725a90b54268fc1dfe5b4d1fa2
 (v3.10.0a2)
-       NOTE: 
https://github.com/python/cpython/commit/479553c7c11306a09ce34edb6ef208133b7b95fe
 (3.9)
+       NOTE: 
https://github.com/python/cpython/commit/479553c7c11306a09ce34edb6ef208133b7b95fe
 (v3.9.1rc1)
+       NOTE: 
https://github.com/python/cpython/commit/65894cac0835cb8f469f649e20aa1be8bf89f5ae
 (v3.8.7rc1)
        NOTE: 
https://github.com/python/cpython/commit/e512bc799e3864fe3b1351757261762d63471efc
 (v3.7.10)
+       NOTE: 
https://github.com/python/cpython/commit/a158fb9c5138db94adf24fbc5690467cda811163
 (v3.6.13)
 CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable 
to a po ...)
        - python3.9 3.9.1~rc1-1
        - python3.7 <removed>
        - python2.7 <removed>
        [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only 
included to build a few applications)
+       NOTE: https://bugs.python.org/issue42103
        NOTE: https://github.com/python/cpython/issues/86269
        NOTE: 
https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f
 (v3.10.0a2)
-       NOTE: 
https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a
 (3.9)
+       NOTE: 
https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a
 (v3.9.1rc1)
+       NOTE: 
https://github.com/python/cpython/commit/547d2bcc55e348043b2f338027c1acd9549ada76
 (v3.8.7rc1)
        NOTE: 
https://github.com/python/cpython/commit/225e3659556616ad70186e7efc02baeebfeb5ec4
 (v3.7.10)
+       NOTE: 
https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4
 (v3.6.13)
 CVE-2022-48560 (A use-after-free exists in Python through 3.9 via heappushpop 
in heapq ...)
        - python3.9 <not-affected> (Fixed before initial upload to the archive)
        - python3.7 3.7.7-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54a44ecd31913fcc31e3f08969dff1ed89a7b81c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54a44ecd31913fcc31e3f08969dff1ed89a7b81c
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to