[Git][security-tracker-team/security-tracker][master] Track fixes for python3.14 issues via unstable

Fri, 27 Mar 2026 11:16:17 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ccf8151 by Salvatore Bonaccorso at 2026-03-27T19:15:27+01:00
Track fixes for python3.14 issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6220,7 +6220,7 @@ CVE-2026-4228 (A vulnerability was detected in LB-LINK 
BL-WR9000 2.4.9. This aff
 CVE-2026-4227 (A security vulnerability has been detected in LB-LINK BL-WR9000 
2.4.9. ...)
        NOT-FOR-US: LB-LINK BL-WR9000
 CVE-2026-4224 (When an Expat parser with a registered ElementDeclHandler 
parses an in ...)
-       - python3.14 <unfixed>
+       - python3.14 3.14.3-4
        - python3.13 <unfixed>
        - python3.11 <removed>
        - python3.9 <removed>
@@ -6237,7 +6237,7 @@ CVE-2026-4224 (When an Expat parser with a registered 
ElementDeclHandler parses
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3
 (3.14)
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a
 (3.13)
 CVE-2026-3644 (The fix for CVE-2026-0672, which rejected control characters in 
http.c ...)
-       - python3.14 <unfixed>
+       - python3.14 3.14.3-4
        - python3.13 <unfixed>
        - python3.11 <removed>
        - python3.9 <removed>
@@ -7663,7 +7663,7 @@ CVE-2025-61154 (Heap buffer overflow vulnerability in 
LibreDWG versions v0.13.3.
 CVE-2025-13913 (A privileged Ignition user, intentionally or otherwise, 
imports an ext ...)
        NOT-FOR-US: Inductive Automation Ignition Software
 CVE-2025-13462 (The "tarfile" module would still apply normalization of 
AREGTYPE (\x00 ...)
-       - python3.14 <unfixed>
+       - python3.14 3.14.3-4
        - python3.13 <unfixed>
        - python3.11 <removed>
        - python3.9 <removed>
@@ -11222,7 +11222,7 @@ CVE-2026-2418 (The Login with Salesforce WordPress 
plugin through 1.0.2 does not
 CVE-2026-2365 (The Fluent Forms Pro plugin for WordPress is vulnerable to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-2297 (The import hook in CPython that handles legacy *.pyc files 
(Sourceless ...)
-       - python3.14 <unfixed>
+       - python3.14 3.14.3-4
        - python3.13 <unfixed>
        - python3.11 <removed>
        - python3.9 <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ccf8151d6c252e43ca78ff8551d46449dee5fa9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ccf8151d6c252e43ca78ff8551d46449dee5fa9
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to