Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41e5f4fb by Sylvain Beucler at 2026-02-04T09:30:21+01:00
CVE-2025-1795/python: fix introductory commit

While v3.3.0a4 introduces the fixed code, the PoC from
https://github.com/python/cpython/issues/100884 doesn't fail (',' is
properly maintained) until the rewrite in v3.6.4rc1.

Same for the initial
'test_address_list_with_list_separator_after_fold' test case.

(Note: following the regression fix, the updated test case fails
before the rewrite but due to an infinite loop, which is a different
issue.)

Fixes: d097a1d38ee8a56d1c9ff1ecf2b38b958f460846

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -117326,7 +117326,7 @@ CVE-2025-1795 (During an address list folding when a 
separating comma ends up on
        NOTE: Regression fixed by: 
https://github.com/python/cpython/commit/8c96850161da23ad2b37551d2a89c7d4716fe024
 (v3.12.4)
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593
 (v3.11.9)
        NOTE: Regression Fixed by: 
https://github.com/python/cpython/commit/4762b365406a8cf026a4a4ddcae34c28a41c3de9
 (v3.11.10)
-       NOTE: Introduced by: 
https://github.com/python/cpython/commit/0b6f6c82b51b7071d88f48abb3192bf3dc2a2d24
 (v3.3.0a4)
+       NOTE: Introduced by: 
https://github.com/python/cpython/commit/a87ba60fe56ae2ebe80ab9ada6d280a6a1f3d552
 (v3.6.4rc1)
 CVE-2025-1776 (Cross-Site Scripting (XSS) vulnerability in Soteshop, versions 
prior t ...)
        NOT-FOR-US: Soteshop
 CVE-2025-1749 (HTML injection vulnerabilities in OpenCart versions prior to 
4.1.0. Th ...)
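
Review bot: The replaced "Introduced by:" line for CVE-2025-1795 drops the v3.3.0a4 commit (0b6f6c82...) and leaves no trace in data/CVE/list of why v3.6.4rc1 is now the starting point. The reasoning exists only in the commit message, which says the PoC and the initial test case do not fail until the rewrite. Consider adding a short NOTE beside the new line, for example "NOTE: fixed code appears in v3.3.0a4, but the PoC only triggers after the v3.6.4rc1 rewrite", so that someone triaging older releases does not restore the earlier commit. The commit message also says the updated test case fails before the rewrite because of an infinite loop, described as a different issue. If that is tracked elsewhere, a pointer in this entry would help. Minor style point: the surrounding context lines mix "Regression fixed by:" and "Regression Fixed by:".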



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41e5f4fbd22e8d4130d0ab93d1fc54627ab4459e
