[Git][security-tracker-team/security-tracker][master] new python-mechanize issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 10 16:29:23 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59345e75 by Moritz Muehlenhoff at 2023-03-10T17:28:59+01:00
new python-mechanize issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -134263,13 +134263,11 @@ CVE-2021-33236 (Buffer Overflow vulnerability in write_header in htmldoc through
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e (v1.9.12)
 	NOTE: Crash in CLI tool, no security impact
 	NOTE: Duplicate CVE of CVE-2022-34033
-	TODO: clarify duplicate assignment with assigning CNA
 CVE-2021-33235 (Buffer overflow vulnerability in write_node in htmldoc through 1.9.11  ...)
 	- htmldoc 1.9.12-1 (unimportant)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/426
 	NOTE: https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3 (v1.9.12)
 	NOTE: Duplicate assignment of CVE-2022-34035
-	TODO: clarify duplicate assignment with assigning CNA
 CVE-2021-33234
 	RESERVED
 CVE-2021-33233
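Review bot: The two removed TODO lines under CVE-2021-33236 and CVE-2021-33235 are unrelated to the commit subject "new python-mechanize issue", and the entries do not record how the duplicate-assignment question with the CNA was settled. Either mention the htmldoc cleanup in the commit message or add a short NOTE stating the outcome. The remaining notes also word the same fact two ways ("Duplicate CVE of CVE-2022-34033" and "Duplicate assignment of CVE-2022-34035"); a single wording would make these entries easier to search.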
@@ -135297,7 +135295,9 @@ CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sq
 CVE-2021-32838 (Flask-RESTX (pypi package flask-restx) is a community driven fork of F ...)
 	NOT-FOR-US: Flask restx
 CVE-2021-32837 (mechanize, a library for automatically interacting with HTTP web serve ...)
-	TODO: check
+	- python-mechanize 1:0.4.7-1
+	NOTE: https://securitylab.github.com/advisories/GHSL-2021-108-python-mechanize-mechanize/
+	NOTE: https://github.com/python-mechanize/mechanize/commit/dd05334448e9f39814bab044d2eaa5ef69b410d6 (v0.4.6)
 CVE-2021-32836 (ZStack is open source IaaS(infrastructure as a service) software. In Z ...)
 	NOT-FOR-US: ZStack
 CVE-2021-32835 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...)
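Review bot: On the added python-mechanize line for CVE-2021-32837, the fixed version is recorded as 1:0.4.7-1 while the NOTE for the upstream commit tags the fix as v0.4.6. Please confirm that 0.4.7-1 is the first Debian upload containing commit dd05334448e9f39814bab044d2eaa5ef69b410d6, since the fixed version decides which suites are treated as affected. The entry also carries no description of the issue beyond the advisory link; a one-line NOTE naming the flaw would help whoever triages the older suites.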



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59345e759b361985c0a63d9cfd4d77365528e5bb
