Hello!
Thanks for bringing the formatting issue to our attention, the prose
description renders fine in the Vulnogram UI. Regarding the version range,
I believe that is correct. All Python versions (from 0 to 3.14.0) are
affected by this vulnerability. The patches that have landed in GitHub have
not yet been released. When the patches are included in a release the CVE
will automatically update with the fixed versions.
Hope this helps!
Seth Larson
On Tue, Jul 29, 2025 at 12:50 PM Mats Wichmann <m...@wichmann.us> wrote:
> On 7/28/25 13:55, Alan Coopersmith forwarded a cPython security issue:
>
> some unfortunate glitches here. first, a template failure:
>
> > There is a HIGH severity vulnerability affecting {project}.
>
> second and third:
>
> > Please see the linked CVE ID for the latest information on affected
> > versions:
> >
> > * https://www.cve.org/CVERecord?id=CVE-2025-8194
> The CVE contents suggest nothing is broken:
>
> > affected
>
> > affected from 0 before 3.14.0
>
> (3.14 still being unreleased). But patches for this were backported to
> all supported cPython versions, so the effect must be a bit wider than
> that.
>
>
> And in the cve record itself, the patch suggestion comes out mangled.
> _______________________________________________
> PSRT mailing list -- p...@python.org
> To unsubscribe send an email to psrt-le...@python.org
> https://mail.python.org/mailman3//lists/psrt.python.org
> Member address: seth.lar...@pyfound.org
>
