Andrej Shadura pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5009e72c by Andrej Shadura at 2025-10-31T08:08:09+01:00
Reserve DLA-4354-1 for pypy3

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -45806,7 +45806,6 @@ CVE-2025-6069 (The html.parser.HTMLParser class had 
worse-case quadratic complex
        - pypy3 <unfixed> (bug #1118430)
        [trixie] - pypy3 <no-dsa> (Minor issue)
        [bookworm] - pypy3 <no-dsa> (Minor issue)
-       [bullseye] - pypy3 <postponed> (Minor issue; DoS)
        - jython <unfixed> (bug #1109376)
        [trixie] - jython <no-dsa> (Minor issue)
        [bookworm] - jython <no-dsa> (Minor issue)
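Review bot: CVE-2025-6069 keeps pypy3 at `<unfixed>` (bug #1118430) with trixie and bookworm at `<no-dsa>`, so once the bullseye `<postponed>` line is dropped here, bullseye becomes the only suite receiving a fix through the DLA. Consider recording that in a NOTE or following up on the bug, so a bullseye to bookworm upgrade is not silently a regression for this CVE; the same applies to the later hunks where bookworm stays at `<no-dsa>`.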
@@ -80365,7 +80364,6 @@ CVE-2025-1795 (During an address list folding when a 
separating comma ends up on
        - python3.9 <removed>
        - pypy3 7.3.18+dfsg-1
        [bookworm] - pypy3 <no-dsa> (Minor issue)
-       [bullseye] - pypy3 <postponed> (Minor issue)
        NOTE: https://github.com/python/cpython/issues/100884
        NOTE: Regression issue: https://github.com/python/cpython/issues/118643
        NOTE: 
https://mail.python.org/archives/list/[email protected]/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/
@@ -90636,7 +90634,6 @@ CVE-2025-0938 (The Python standard library functions 
`urllib.parse.urlsplit` and
        - python3.9 <removed>
        - pypy3 7.3.18+dfsg-2
        [bookworm] - pypy3 <no-dsa> (Minor issue)
-       [bullseye] - pypy3 <postponed> (Minor issue)
        NOTE: 
https://mail.python.org/archives/list/[email protected]/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/
        NOTE: https://github.com/python/cpython/issues/105704
        NOTE: https://github.com/python/cpython/pull/129418
@@ -114183,7 +114180,6 @@ CVE-2024-11168 (The urllib.parse.urlsplit() and 
urlparse() functions improperly
        - python3.9 <removed>
        - pypy3 7.3.18+dfsg-1
        [bookworm] - pypy3 <no-dsa> (Minor issue)
-       [bullseye] - pypy3 <postponed> (Minor issue)
        NOTE: https://github.com/python/cpython/issues/103848
        NOTE: https://github.com/python/cpython/pull/103849
        NOTE: 
https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5
 (v3.12.0b1)
@@ -133246,7 +133242,6 @@ CVE-2024-6232 (There is a MEDIUM severity 
vulnerability affecting CPython.
        [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only 
included to build a few applications)
        - pypy3 7.3.18+dfsg-1
        [bookworm] - pypy3 <no-dsa> (Minor issue)
-       [bullseye] - pypy3 <postponed> (Minor issue; ReDoS)
        NOTE: https://github.com/python/cpython/issues/121285
        NOTE: https://github.com/python/cpython/pull/121286
        NOTE: 
https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
 (v3.13.0rc2)
@@ -136373,7 +136368,6 @@ CVE-2024-7592 (There is a LOW severity vulnerability 
affecting CPython, specific
        - python3.9 <removed>
        - pypy3 7.3.18+dfsg-1
        [bookworm] - pypy3 <no-dsa> (Minor issue)
-       [bullseye] - pypy3 <postponed> (Minor issue; DoS)
        NOTE: https://github.com/python/cpython/pull/123075
        NOTE: https://github.com/python/cpython/issues/123067
        NOTE: 
https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621
 (v3.13.0rc2)
@@ -140690,7 +140684,6 @@ CVE-2024-6923 (There is a MEDIUM severity 
vulnerability affecting CPython.  The
        [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only 
included to build a few applications)
        - pypy3 7.3.18+dfsg-1
        [bookworm] - pypy3 <no-dsa> (Minor issue)
-       [bullseye] - pypy3 <postponed> (Minor issue)
        NOTE: https://github.com/python/cpython/issues/121650
        NOTE: https://github.com/python/cpython/pull/122233
        NOTE: 
https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0
 (v3.13.0rc2)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Oct 2025] DLA-4354-1 pypy3 - security update
+       {CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 CVE-2024-11168 CVE-2025-0938 
CVE-2025-1795 CVE-2025-6069 CVE-2025-8291}
+       [bullseye] - pypy3 7.3.5+dfsg-2+deb11u5
 [29 Oct 2025] DLA-4353-1 xorg-server - security update
        {CVE-2025-62229 CVE-2025-62230 CVE-2025-62231}
        [bullseye] - xorg-server 2:1.20.11-1+deb11u17
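Review bot: CVE-2025-8291 is in the CVE set for DLA-4354-1, but no hunk in data/CVE/list touches a bullseye pypy3 line for it, unlike the other seven CVEs listed. Please confirm that its entry has no `[bullseye] - pypy3` annotation left to remove, or drop the stale one in this same commit so the tracker does not show conflicting bullseye status for that CVE.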


=====================================
data/dla-needed.txt
=====================================
@@ -281,11 +281,6 @@ php-laravel-framework
   NOTE: 20251027: tests is required to prevent regressions, but I could not 
get the upstream
   NOTE: 20251027: test suite to work. It is not exercised as part of Debian 
packages build. (paride)
 --
-pypy3 (andrewsh)
-  NOTE: 20250718: Added by Front-Desk (Beuc)
-  NOTE: 20250718: Sponsored through pypy[v2] which is obsoleted in bullseye.
-  NOTE: 20250718: Many postponed vulnerabilities, sync python3 fixes. 
(Beuc/front-desk)
---
 pytorch (dleidert)
   NOTE: 20250422: Added by Front-Desk (rouca)
   NOTE: 20250422: CVE-2025-32434 RCE need to be fixed. DoS may be postponed 
(rouca/FD)
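Review bot: The removed pypy3 entry cites "Many postponed vulnerabilities", while this commit clears seven `<postponed>` bullseye lines and the DLA lists eight CVEs. Before the package leaves dla-needed.txt, check that no other `[bullseye] - pypy3 <postponed>` entries remain in data/CVE/list; if some do, keep the entry with an updated NOTE instead of deleting it.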



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5009e72c47c00acca48dfccef1bc4844b3d3ebdd
