Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b46d9718 by Salvatore Bonaccorso at 2026-01-22T07:46:14+01:00
Add new python issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -397,7 +397,16 @@ CVE-2026-0865 (User-controlled header names and values
containing newlines can a
NOTE:
https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2
(3.10-branch)
TODO: check completeness
CVE-2026-0672 (When using http.cookies.Morsel, user-controlled cookie values
and para ...)
- TODO: check
+ - python3.14 <unfixed>
+ - python3.13 <unfixed>
+ - python3.11 <removed>
+ - python3.9 <removed>
+ - pypy3 <unfixed>
+ NOTE: https://github.com/python/cpython/pull/143920
+ NOTE: https://github.com/python/cpython/issues/143919
+ NOTE:
https://mail.python.org/archives/list/[email protected]/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/
+ NOTE:
https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70
+ TODO: check completeness
CVE-2025-68133 (EVerest is an EV charging software stack. In versions 2025.9.0
and bel ...)
NOT-FOR-US: EVerest
CVE-2025-66902 (An input validation issue in in Pithikos websocket-server
v.0.6.4 allo ...)
@@ -425,11 +434,38 @@ CVE-2025-57155 (NULL pointer dereference in the
daap_reply_groups function in sr
CVE-2025-15521 (The Academy LMS \u2013 WordPress LMS Plugin for Complete
eLearning Sol ...)
NOT-FOR-US: WordPress plugin
CVE-2025-15367 (The poplib module, when passed a user-controlled command, can
have add ...)
- TODO: check
+ - python3.14 <unfixed>
+ - python3.13 <unfixed>
+ - python3.11 <removed>
+ - python3.9 <removed>
+ - pypy3 <unfixed>
+ NOTE: https://github.com/python/cpython/issues/143923
+ NOTE: https://github.com/python/cpython/pull/143924
+ NOTE:
https://mail.python.org/archives/list/[email protected]/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/
+ NOTE:
https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874e7
(main)
+ TODO: check completeness
CVE-2025-15366 (The imaplib module, when passed a user-controlled command, can
have ad ...)
- TODO: check
+ - python3.14 <unfixed>
+ - python3.13 <unfixed>
+ - python3.11 <removed>
+ - python3.9 <removed>
+ - pypy3 <unfixed>
+ NOTE: https://github.com/python/cpython/issues/143921
+ NOTE: https://github.com/python/cpython/pull/143922
+ NOTE:
https://mail.python.org/archives/list/[email protected]/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/
+ NOTE:
https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b45
(main)
+ TODO: check completeness
CVE-2025-15282 (User-controlled data URLs parsed by urllib.request.DataHandler
allow i ...)
- TODO: check
+ - python3.14 <unfixed>
+ - python3.13 <unfixed>
+ - python3.11 <removed>
+ - python3.9 <removed>
+ - pypy3 <unfixed>
+ NOTE: https://github.com/python/cpython/issues/143925
+ NOTE: https://github.com/python/cpython/pull/143926
+ NOTE:
https://mail.python.org/archives/list/[email protected]/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/
+ NOTE:
https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f
(main)
+ TODO: check completeness
CVE-2025-14559 (A flaw was found in the keycloak-services component of
Keycloak. This ...)
- keycloak <itp> (bug #1088287)
CVE-2025-11468 (When folding a long comment in an email header containing
exclusively ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b46d971898600e63edcf8a48f0efb90a1875e353
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b46d971898600e63edcf8a48f0efb90a1875e353
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
