Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b62479e6 by Moritz Muehlenhoff at 2026-05-06T16:26:07+02:00
two issues fixed in python3.14 in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7187,7 +7187,7 @@ CVE-2026-6878 (A vulnerability was identified in 
ByteDance verl up to 0.7.0. Aff
 CVE-2026-6874 (A vulnerability was determined in ericc-ch copilot-api up to 
0.7.0. Th ...)
        NOT-FOR-US: ericc-ch copilot-api
 CVE-2026-6019 (http.cookies.Morsel.js_output() returns an inline <script> 
snippet and ...)
-       - python3.14 <unfixed>
+       - python3.14 3.14.5~rc1-1
        - python3.13 <unfixed>
        [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.11 <removed>
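Review bot: the python3.13 line directly under the changed CVE-2026-6019 entry stays `<unfixed>`, although the notes for the same CVE already record a fix commit on the 3.13 branch. Nothing to change in this hunk, but a follow-up is needed once a python3.13 upload carries that commit, so the unstable entry does not stay open after the fix has landed.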
@@ -7201,7 +7201,7 @@ CVE-2026-6019 (http.cookies.Morsel.js_output() returns an 
inline <script> snippe
        NOTE: https://github.com/python/cpython/issues/90309
        NOTE: https://github.com/python/cpython/pull/148848
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104
 (main branch)
-       NOTE: Fixed by: 
https://github.com/python/cpython/commit/f795e042043dfe26c42e1971d4502c1cdc4c65b8
 (3.14 branch)
+       NOTE: Fixed by: 
https://github.com/python/cpython/commit/f795e042043dfe26c42e1971d4502c1cdc4c65b8
 (v3.14.5rc1)
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c
 (3.13 branch)
 CVE-2026-5935 (IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 
9.4, 9 ...)
        NOT-FOR-US: IBM
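Review bot: the fix notes for CVE-2026-6019 now mix two labelling conventions, with the changed line citing a release tag `(v3.14.5rc1)` while its neighbours still read `(main branch)` and `(3.13 branch)`. If the tag form is meant to signal that the commit is part of a tagged upstream release, apply it to the other lines as their releases are tagged, so a reader can tell which fixes have shipped and which only sit on a branch.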
@@ -12736,7 +12736,7 @@ CVE-2026-6182 (A vulnerability was identified in 
code-projects Simple Content Ma
        NOT-FOR-US: code-projects
 CVE-2026-6100 (Use-after-free (UAF) was possible in the 
`lzma.LZMADecompressor`, `bz2 ...)
        {DLA-4532-1}
-       - python3.14 <unfixed>
+       - python3.14 3.14.5~rc1-1
        - python3.13 <unfixed>
        - python3.11 <removed>
        - python3.9 <removed>
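Review bot: CVE-2026-6100 carries `{DLA-4532-1}`, yet the python3.13 line in this hunk is `<unfixed>` with no `[trixie]` annotation after it, unlike CVE-2026-6019, which has `[trixie] - python3.13 <no-dsa> (Minor issue)`. A use-after-free that already received an LTS advisory should get an explicit triage decision for python3.13 in trixie rather than being left unannotated.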
@@ -12747,7 +12747,7 @@ CVE-2026-6100 (Use-after-free (UAF) was possible in the 
`lzma.LZMADecompressor`,
        NOTE: https://github.com/python/cpython/issues/148395
        NOTE: https://github.com/python/cpython/pull/148396
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2
 (main)
-       NOTE: Fixed by: 
https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d
 (3.14 branch)
+       NOTE: Fixed by: 
https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d
 (v3.14.5rc1)
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20
 (3.13 branch)
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b
 (3.11 branch)
 CVE-2026-4810 (A Code Injection and Missing Authentication vulnerability in 
Google Ag ...)
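Review bot: the unchanged first fix note of the CVE-2026-6100 entry is labelled `(main)`, while the equivalent line for CVE-2026-6019 reads `(main branch)`. Since the adjacent 3.14 line is being relabelled in this commit anyway, normalising the label to one spelling would keep the notes consistent and easy to grep.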



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62479e66be988abb78ff09080963953214ba765
