[Git][security-tracker-team/security-tracker][master] 2 commits: Track embedded copies of python-py

Salvatore Bonaccorso carnil at debian.org
Sun Feb 28 10:08:46 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67ad7255 by Salvatore Bonaccorso at 2021-02-28T11:07:20+01:00
Track embedded copies of python-py

- - - - -
e605fc53 by Salvatore Bonaccorso at 2021-02-28T11:07:51+01:00
Mark pypy and pypy3 as unimportant for CVE-2020-29651

Source-wise affected but the svnwc.py does not seem to be part of the
binary packages produced as is an embedded copy of python-py.

- - - - -


2 changed files:

- data/CVE/list
- data/embedded-code-copies


Changes:

=====================================
data/CVE/list
=====================================
@@ -21527,9 +21527,8 @@ CVE-2020-29651 (A denial of service via regular expression in the py.path.svnwc
 	- python-py 1.10.0-1
 	[buster] - python-py <no-dsa> (Minor issue)
 	[stretch] - python-py <postponed> (Minor issue)
-	- pypy <unfixed>
-	[stretch] - pypy <postponed> (Minor issue)
-	- pypy3 <unfixed>
+	- pypy <unfixed> (unimportant)
+	- pypy3 <unfixed> (unimportant)
 	NOTE: https://github.com/pytest-dev/py/issues/256
 	NOTE: https://github.com/pytest-dev/py/pull/257
 	NOTE: https://github.com/pytest-dev/py/commit/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144


=====================================
data/embedded-code-copies
=====================================
@@ -3550,3 +3550,7 @@ libbpf
 	- bpfcc 0.17.0+ds-1 (embed)
 	- dwarves-dfsg 1.18-1 (embed; bug #979105)
 	- v4l-utils <unfixed> (embed; bug #979610)
+
+python-py
+	- pypy <unfixed> (embed)
+	- pypy3 <unfixed> (embed)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/691d8f6853352157ac3eec4840b7d3adcbd92e9d...e605fc53a376d47798ab69016b345ac455e7ca76

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/691d8f6853352157ac3eec4840b7d3adcbd92e9d...e605fc53a376d47798ab69016b345ac455e7ca76
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210228/1a70f8a8/attachment.htm>

More information about the debian-security-tracker-commits mailing list