[Git][security-tracker-team/security-tracker][master] new python issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 28 11:31:51 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
32637714 by Moritz Muehlenhoff at 2024-06-28T12:31:18+02:00
new python issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,18 @@ CVE-2024-5728 (The Animated AL List WordPress plugin through 1.0.6 does not sani
CVE-2024-5727 (The Widget4Call WordPress plugin through 1.0.7 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5642 (CPython 3.9 and earlier doesn't disallow configuring an empty list ("[ ...)
- TODO: check
+ - python3.13 <not-affected> (Fixed before initial upload)
+ - python3.12 <not-affected> (Fixed before initial upload)
+ - python3.11 <not-affected> (Fixed before initial upload)
+ - python3.9 <removed>
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ - python2.7 <removed>
+ [bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
+ NOTE: https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html
+ NOTE: https://github.com/python/cpython/pull/23014
+ NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/
+ NOTE: https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e (v3.10.0b1)
CVE-2024-5570 (The Simple Photoswipe WordPress plugin through 0.1 does not have autho ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4395 (The XPC service within the audit functionality of Jamf Compliance Edit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/326377149b2ea456c62f10ee5ccd9edc9782fff1
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/326377149b2ea456c62f10ee5ccd9edc9782fff1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240628/15f478bc/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list