[Git][security-tracker-team/security-tracker][master] python2.7: associate past python3.x CVEs to python2.7 (2)
Sylvain Beucler (@beuc)
beuc at debian.org
Sat Apr 15 11:30:01 BST 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
68ecea4f by Sylvain Beucler at 2023-04-15T12:28:56+02:00
python2.7: associate past python3.x CVEs to python2.7 (2)
Follow-up to fb0c9868f5bb6a7c5457f397cdfb603d629ef0c3
Compare with python3.7/buster in addition to python3.9/bullseye.
CVE-2020-14422 also affects the py2 backport in python-ipaddress.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -220201,6 +220201,8 @@ CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes has
- python3.5 <removed>
- python3.4 <removed>
[jessie] - python3.4 <postponed> (Minor issue, DoS with constraints)
+ - python2.7 <not-affected> (ipaddress module introduced in 3.3)
+ - python-ipaddress <removed>
NOTE: https://bugs.python.org/issue41004
NOTE: https://github.com/python/cpython/pull/20956
NOTE: https://github.com/python/cpython/pull/21033
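Review bot: The added `- python-ipaddress <removed>` line carries no explanation, while the python2.7 line directly above it says the ipaddress module only arrived in 3.3, so a reader of data/CVE/list alone cannot tell why a second source package appears under a CPython CVE. The commit message has the reason (python-ipaddress is the py2 backport), so consider recording it in the entry itself, for example as a NOTE line next to the upstream links. It is also worth checking whether any suite that still ships python-ipaddress needs its own release-specific line, as jessie has for python3.4 in this entry.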
@@ -237714,6 +237716,7 @@ CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sti
CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ...)
- python3.8 <not-affected> (Windows-specific)
- python3.7 <not-affected> (Windows-specific)
+ - python2.7 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.python.org/issue39401
CVE-2020-8314
RESERVED
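Review bot: On the new python2.7 line for CVE-2020-8315, the reason "Vulnerable code not present" differs from the "Windows-specific" reason on the python3.8 and python3.7 lines and does not say what is absent. If the Windows-specific reason also holds for 2.7, reuse it for consistency; if the point is that the affected feature does not exist in 2.7 at all, name it, as the CVE-2018-1000117 entry in this same commit does with "os.symlink for Windows introduced in 3.2".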
@@ -306531,6 +306534,7 @@ CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow
- python3.6 3.6.7~rc1-1 (unimportant)
- python3.5 <removed> (unimportant)
- python3.4 <removed> (unimportant)
+ - python2.7 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.python.org/issue34656
NOTE: https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd (master)
NOTE: https://github.com/python/cpython/commit/ef4306b24c9034d6b37bb034e2ebe82e745d4b77 (3.7)
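Review bot: The python2.7 reason added for CVE-2018-20406 is the generic "Vulnerable code not present", and nothing in the entry lets a later reviewer verify it: the header points at Modules/_pickle.c and the NOTE lines link only the master and 3.7 fixes. State what was checked in the 2.7 source (the file or the overflowing code path) so the not-affected claim can be confirmed without redoing the whole comparison.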
@@ -347810,6 +347814,7 @@ CVE-2018-1000117 (Python Software Foundation CPython version From 3.2 until 3.6.
- python3.6 <not-affected> (Windows-specific)
- python3.5 <not-affected> (Windows-specific)
- python3.4 <not-affected> (Windows-specific)
+ - python2.7 <not-affected> (os.symlink for Windows introduced in 3.2)
NOTE: http://hg.python.org/lookup/6921e73e33edc3c61bc2d78ed558eaa22a89a564
NOTE: https://bugs.python.org/issue33001
CVE-2018-7740 (The resv_map_release function in mm/hugetlb.c in the Linux kernel thro ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68ecea4f31a73751abc16aa4d4af9492499eb939