[Git][security-tracker-team/security-tracker][master] new Python issue (CVE description is bogus)

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Aug 16 14:12:00 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fcf7face by Moritz Muehlenhoff at 2023-08-16T15:11:24+02:00
new Python issue (CVE description is bogus)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -145,7 +145,15 @@ CVE-2023-38916 (SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a
 CVE-2023-38915 (File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote ...)
 	NOT-FOR-US: Wolf-leo EasyAdmin8
 CVE-2023-38898 (An issue in Python cpython v.3.7 allows an attacker to obtain sensitiv ...)
-	TODO: check
+	- python3.12 3.12.0~b4-1
+	- python3.11 <not-affected> (Vulnerable code not present)
+	- python3.10 <not-affected> (Vulnerable code not present)
+	- python3.9 <not-affected> (Vulnerable code not present)
+	- python3.7 <not-affected> (Vulnerable code not present)
+	- python2.7 <not-affected> (Vulnerable code not present)
+	NOTE: Introduced in https://github.com/python/cpython/commit/a474e04388c2ef6aca75c26cb70a1b6200235feb
+	NOTE: https://github.com/python/cpython/commit/9e6f8d46150c1a0af09d68ce63c603cf321994aa
+	NOTE: https://github.com/python/cpython/issues/105987
 CVE-2023-38896 (An issue in Harrison Chase langchain v.0.0.194 and before allows a rem ...)
 	NOT-FOR-US:  Harrison Chase langchain
 CVE-2023-38889 (An issue in Alluxio v.2.9.3 and before allows an attacker to execute a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcf7face99651c5b8c88f1733b308da8e98711e5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcf7face99651c5b8c88f1733b308da8e98711e5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230816/3707f198/attachment.htm>

More information about the debian-security-tracker-commits mailing list