[Git][security-tracker-team/security-tracker][master] "new" python issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Aug 23 08:52:34 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de517277 by Moritz Muehlenhoff at 2023-08-23T09:52:04+02:00
"new" python issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -85,7 +85,10 @@ CVE-2022-48570 (Crypto++ through 8.4 contains a timing side channel in ECDSA sig
NOTE: functionality reasons.
TODO: check details on upstream fix (in 8.4?)
CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in Python thr ...)
- TODO: check
+ - python3.9 3.9.0~b4-1
+ - python3.7 <removed>
+ NOTE: https://github.com/python/cpython/commit/8183e11d87388e4e44e3242c42085b87a878f781
+ NOTE: https://github.com/python/cpython/issues/84968
CVE-2022-48565 (An XML External Entity (XXE) issue was discovered in Python through 3. ...)
TODO: check
CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a po ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de5172773c3e6a6b099bc7a799efa8eb9460091e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de5172773c3e6a6b099bc7a799efa8eb9460091e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230823/1ec1db55/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list