Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eed5b5c8 by Salvatore Bonaccorso at 2026-06-11T06:51:51+02:00
Track fixed version for python3.13 issue via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2284,7 +2284,7 @@ CVE-2026-11701 (Inappropriate implementation in Guest 
View in Google Chrome prio
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-9669 (bz2.BZ2Decompressor objects could be reused after a 
decompression erro ...)
        - python3.14 3.14.6-1
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 <no-dsa> (Minor issue, will be fixed via pu)
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -5153,7 +5153,7 @@ CVE-2026-8037 (OS Command Injection Remote Code Execution 
Vulnerability in API i
        NOT-FOR-US: Progress Software
 CVE-2026-7774 (tarfile.data_filter could be bypassed using crafted link 
entries, incl ...)
        - python3.14 3.14.6-1
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -5851,7 +5851,7 @@ CVE-2019-25720 (Dr\xe4ger SC Monitoring devices (SC 
6002XL, SC 6802XL, SC 7000,
        NOT-FOR-US: Draeger
 CVE-2026-3276 (unicodedata.normalize() can take excessive CPU time when 
processing sp ...)
        - python3.14 3.14.6-1
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -18550,7 +18550,7 @@ CVE-2026-8367 (aria2c accepts a server certificate with 
incorrect Extended Key U
        NOTE: https://github.com/aria2/aria2/issues/2355
 CVE-2026-8328 (The ftpcp() function in Lib/ftplib.py was not updated when  
CVE-2021-4 ...)
        - python3.14 3.14.6-1
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -21157,7 +21157,7 @@ CVE-2026-7308 (An authenticated user with upload 
permission to a hosted reposito
        NOT-FOR-US: Sonatype
 CVE-2026-7210 (`xml.parsers.expat` and `xml.etree.ElementTree` use 
insufficient entro ...)
        - python3.14 3.14.6-1
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -32717,7 +32717,7 @@ CVE-2026-6874 (A vulnerability was determined in 
ericc-ch copilot-api up to 0.7.
        NOT-FOR-US: ericc-ch copilot-api
 CVE-2026-6019 (http.cookies.Morsel.js_output() returns an inline <script> 
snippet and ...)
        - python3.14 3.14.5~rc1-1
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 3.13.5-2+deb13u2
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -38010,7 +38010,7 @@ CVE-2026-6201 (A vulnerability was identified in 
CodeAstro Online Job Portal 1.0
        NOT-FOR-US: CodeAstro Online Job Portal
 CVE-2026-4786 (Mitgation ofCVE-2026-4519 was incomplete. If the URL contained 
"%actio ...)
        - python3.14 3.14.5-1
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 <not-affected> (Incomplete fix not released)
        - python3.11 <not-affected> (Incomplete fix not released)
        - python3.9 <not-affected> (Incomplete fix not released)
@@ -38328,7 +38328,7 @@ CVE-2026-6182 (A vulnerability was identified in 
code-projects Simple Content Ma
 CVE-2026-6100 (Use-after-free (UAF) was possible in the 
`lzma.LZMADecompressor`, `bz2 ...)
        {DLA-4532-1}
        - python3.14 3.14.5~rc1-1
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 3.13.5-2+deb13u2
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -39134,7 +39134,7 @@ CVE-2026-40021 (Apache Log4net's  XmlLayout 
https://logging.apache.org/log4net/m
        NOTE: https://lists.apache.org/thread/q8otftjswhk69n3kxslqg7cobr0x4st7
 CVE-2026-3446 (When calling base64.b64decode() or related functions the 
decoding proc ...)
        - python3.14 3.14.4-1
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 3.13.5-2+deb13u2
        - python3.11 <removed>
        [bookworm] - python3.11 <ignored> (Not backported to older Python 
releases due to compat concerns)
@@ -39349,7 +39349,7 @@ CVE-2026-22560 (An open redirect vulnerability in 
Rocket.Chat versions prior to
        NOT-FOR-US: Rocket.Chat
 CVE-2026-1502 (CR/LF bytes were not rejected by HTTP client proxy tunnel 
headers or h ...)
        - python3.14 3.14.5-1
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -52202,7 +52202,7 @@ CVE-2024-13785 (The The Contact Form, Survey, Quiz & 
Popup Form Builder \u2013 A
 CVE-2026-4519 (The webbrowser.open() API would accept leading dashes in the 
URL which ...)
        {DLA-4583-1}
        - python3.14 3.14.4-1
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 3.13.5-2+deb13u2
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -54520,7 +54520,7 @@ CVE-2026-4227 (A security vulnerability has been 
detected in LB-LINK BL-WR9000 2
 CVE-2026-4224 (When an Expat parser with a registered ElementDeclHandler 
parses an in ...)
        {DLA-4583-1}
        - python3.14 3.14.3-4
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 3.13.5-2+deb13u2
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -54541,7 +54541,7 @@ CVE-2026-4224 (When an Expat parser with a registered 
ElementDeclHandler parses
 CVE-2026-3644 (The fix for CVE-2026-0672, which rejected control characters in 
http.c ...)
        {DLA-4583-1}
        - python3.14 3.14.3-4
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 3.13.5-2+deb13u2
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -56045,7 +56045,7 @@ CVE-2025-13913 (A privileged Ignition user, 
intentionally or otherwise, imports
 CVE-2025-13462 (The "tarfile" module would still apply normalization of 
AREGTYPE (\x00 ...)
        {DLA-4583-1}
        - python3.14 3.14.3-4
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 3.13.5-2+deb13u1
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -59676,7 +59676,7 @@ CVE-2026-2365 (The Fluent Forms Pro plugin for 
WordPress is vulnerable to Stored
 CVE-2026-2297 (The import hook in CPython that handles legacy *.pyc files 
(Sourceless ...)
        {DLA-4583-1}
        - python3.14 3.14.3-4
-       - python3.13 <unfixed>
+       - python3.13 3.13.14-1
        [trixie] - python3.13 3.13.5-2+deb13u1
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eed5b5c80f878bc7cbe1b3926d9a52a8ad667fef

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eed5b5c80f878bc7cbe1b3926d9a52a8ad667fef
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to