[Git][security-tracker-team/security-tracker][master] python-pip is vulnerable to CVE-2021-3572 in stretch. Git refs are

Abhijith PA (@abhijith) abhijith at debian.org
Wed Jun 16 22:23:58 BST 2021



Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13e7aaf2 by Abhijith PA at 2021-06-17T02:53:20+05:30
python-pip is vulnerable to CVE-2021-3572 in stretch. Git refs are
split in get_full_refs(). Minor issue. Can fix in next release

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2237,6 +2237,7 @@ CVE-2021-33792
 CVE-2021-3572 [Don't split git references on unicode separators #9827]
 	RESERVED
 	- python-pip 20.3.4-2
+	[stretch] - python-pip <postponed> (Minor issue. Fix along with next DLA)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1926957
 	NOTE: https://github.com/pypa/pip/pull/9827
 	NOTE: https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e (21.1)
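
Review bot: the added `[stretch]` line justifies the postponement only with "Minor issue", while the detail that explains it (in the commit message: git refs are split in get_full_refs()) is not recorded in the entry itself. Consider adding a NOTE line under CVE-2021-3572 naming get_full_refs() as the affected code in the stretch version, so whoever prepares the next DLA can see where the upstream change referenced in the existing NOTE lines applies without digging through commit history.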


=====================================
data/dla-needed.txt
=====================================
@@ -77,8 +77,6 @@ openexr
 --
 python-babel (Abhijith PA)
 --
-python-pip (Abhijith PA)
---
 ruby-actionpack-page-caching (Markus Koschany)
   NOTE: 20200819: Upstream's patch on does not apply due to subsequent
   NOTE: 20200819: refactoring. However, a quick look at the private
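
Review bot: removing the `python-pip (Abhijith PA)` entry takes the package out of the DLA work queue entirely, which is only correct if CVE-2021-3572 was the sole reason it was listed; the removed entry carried no NOTE lines to show that either way. Worth confirming that no other open stretch issue for python-pip relied on this entry, since after this change the `<postponed>` tag in data/CVE/list is the only remaining pointer to the pending fix.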



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13e7aaf2e9b8a702d49cc535cc443870d023a3ef
