[Git][security-tracker-team/security-tracker][master] CVE-2021-23336 affects py2

Mon Mar 15 14:10:16 GMT 2021


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c734ebd by Moritz Muehlenhoff at 2021-03-15T15:09:34+01:00
CVE-2021-23336 affects py2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11624,12 +11624,13 @@ CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0
 	[buster] - python3.7 <no-dsa> (Minor issue)
 	- python3.5 <removed>
 	- pypy3 7.3.3+dfsg-3
+	- python2.7 <unfixed>
+	[bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
 	NOTE: https://github.com/python/cpython/pull/24297
 	NOTE: https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
 	NOTE: https://github.com/python/cpython/commit/c9f07813ab8e664d8c34413c4fc2d4f86c061a92 (3.9)
 	NOTE: https://github.com/python/cpython/commit/d0d4d30882fe3ab9b1badbecf5d15d94326fd13e (3.7)
 	NOTE: https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
-	TODO: check Py2 status
 CVE-2021-23335 (All versions of package is-user-valid are vulnerable to LDAP Injection ...)
 	NOT-FOR-US: Node is-user-valid
 CVE-2021-23334 (All versions of package static-eval are vulnerable to Arbitrary Code E ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c734ebd0ba797732aeef5959c154f0c8ea354d8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c734ebd0ba797732aeef5959c154f0c8ea354d8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210315/29e0c896/attachment.htm>
