[Git][security-tracker-team/security-tracker][master] Add CVE-2025-12781/python

Thu, 22 Jan 2026 16:58:43 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b2cbc08 by Salvatore Bonaccorso at 2026-01-22T23:12:13+01:00
Add CVE-2025-12781/python

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1007,7 +1007,16 @@ CVE-2025-13465 (Lodash versions 4.0.0 through 4.17.22 
are vulnerable to prototyp
        - node-lodash <unfixed>
        NOTE: 
https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
 CVE-2025-12781 (When passing data to the b64decode(), standard_b64decode(), 
and urlsaf ...)
-       TODO: check
+       - python3.14 <unfixed>
+       - python3.13 <unfixed>
+       - python3.11 <removed>
+       - python3.9 <removed>
+       - pypy3 <unfixed>
+       NOTE: https://github.com/python/cpython/issues/125346
+       NOTE: https://github.com/python/cpython/pull/141128
+       NOTE: 
https://mail.python.org/archives/list/[email protected]/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/
+       NOTE: Fix is only to deprecate accepting "+" and "/" with alternative 
alphabet.
+       NOTE: 
https://github.com/python/cpython/commit/9060b4abbe475591b6230b23c2afefeff26fcca5
 (main)
 CVE-2021-47887 (OKI Print Job Accounting 4.4.10 contains an unquoted service 
path vuln ...)
        NOT-FOR-US: OKI Print Job Accounting
 CVE-2021-47886 (Pingzapper 2.3.1 contains an unquoted service path 
vulnerability in th ...)
@@ -1071,7 +1080,8 @@ CVE-2021-47855 (Openlitespeed 1.7.9 contains a stored 
cross-site scripting vulne
 CVE-2021-47854 (DD-WRT version 45723 contains a buffer overflow vulnerability 
in the U ...)
        NOT-FOR-US: DD-WRT
 CVE-2021-47853 (phpPgAdmin 7.13.0 contains a remote command execution 
vulnerability th ...)
-       TODO: check
+       - phppgadmin <undetermined>
+       NOTE: https://www.exploit-db.com/exploits/49736
 CVE-2021-47852 (Rockstar Games Launcher 1.0.37.349 contains a privilege 
escalation vul ...)
        NOT-FOR-US: Rockstar Games Launcher
 CVE-2021-47851 (Mini Mouse 9.2.0 contains a remote code execution 
vulnerability that a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b2cbc08634ca237ae8651dd27d2bfd2cc331774

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b2cbc08634ca237ae8651dd27d2bfd2cc331774
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to