[Git][security-tracker-team/security-tracker][master] Add CVE-2026-7210/python

Thu, 14 May 2026 00:08:50 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
949cf035 by Salvatore Bonaccorso at 2026-05-14T09:07:50+02:00
Add CVE-2026-7210/python

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1782,7 +1782,20 @@ CVE-2026-7790 (Uncontrolled Resource Consumption 
vulnerability in ninenines cowl
 CVE-2026-7308 (An authenticated user with upload permission to a hosted 
repository ca ...)
        NOT-FOR-US: Sonatype
 CVE-2026-7210 (`xml.parsers.expat` and `xml.etree.ElementTree` use 
insufficient entro ...)
-       TODO: check
+       - python3.14 <unfixed>
+       - python3.13 <unfixed>
+       - python3.11 <removed>
+       - python3.9 <removed>
+       - python2.7 <removed>
+       - pypy3 <unfixed>
+       NOTE: 
https://mail.python.org/archives/list/[email protected]/thread/PNY5OMBDPM2FRUZTWFFPJ6LISWKV627K/
+       NOTE: https://github.com/python/cpython/issues/149018
+       NOTE: https://github.com/python/cpython/pull/149023
+       NOTE: 
https://github.com/python/cpython/commit/24b8f12544468e4cedf5bfbe25442fcd495391e4
 (main)
+       NOTE: https://github.com/python/cpython/pull/149645 (3.15)
+       NOTE: https://github.com/python/cpython/pull/149646 (3.14)
+       NOTE: Fully mitigating this vulnerability requires both updating 
libexpat to
+       NOTE: 2.8.0 or later and applying the python patch for CVE-2026-7210.
 CVE-2026-6956 (ATutor is vulnerable to Reflected XSS in/install/install.php 
endpoint. ...)
        NOT-FOR-US: ATutor
 CVE-2026-6909 (ATutor is vulnerable to Reflected XSS in/install/upgrade.php 
endpoint. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/949cf035928e9462665710b6a30a17e9d44360dc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/949cf035928e9462665710b6a30a17e9d44360dc
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to