Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 462d2059 by Sylvain Beucler at 2022-11-03T12:48:05+01:00 CVE-2022-42919/python*: clarify notes - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -6310,15 +6310,15 @@ CVE-2022-42919 [Linux specific local privilege escalation via the multiprocessin - python3.10 <unfixed> - python3.9 <unfixed> - python3.7 <removed> - [buster] - python3.7 <not-affected> (Vulnerable functionality introduced later) + [buster] - python3.7 <not-affected> (Vulnerable functionality backported later in 3.7.8) NOTE: https://github.com/python/cpython/issues/97514 NOTE: https://github.com/python/cpython/commit/4686d77a04570a663164c03193d9def23c89b122 (3.11-branch) NOTE: https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2 (3.10-branch) NOTE: https://github.com/python/cpython/commit/b43496c01a554cf41ae654a0379efae18609ad39 (3.9-branch) NOTE: The patch for 3.9 and later only removes the default preference for abstract sockets which NOTE: prevents CVE-2022-42919. Versions 3.8.4 and 3.7.8 are not vulnerable by default (but issue present) - NOTE: though users need to manually users would need to make specific uncommon multiprocessing API calls - NOTE: specifying their own forkserver control socket path. + NOTE: though users would need to make specific uncommon multiprocessing API calls specifying their own + NOTE: forkserver control socket path. Earlier 3.x versions are not vulnerable. CVE-2022-3503 (A vulnerability was found in SourceCodester Purchase Order Management ...) NOT-FOR-US: SourceCodester CVE-2022-3502 (A vulnerability was found in Human Resource Management System 1.0. It ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/462d20593fda70e3cb63031de0edbd3acd697115 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/462d20593fda70e3cb63031de0edbd3acd697115 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits