[Git][security-tracker-team/security-tracker][master] pypy3: Use versions published in unstable, not experimental
Stefano Rivera (@stefanor)
stefanor at debian.org
Wed May 1 20:30:20 BST 2024
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90abd11f by Stefano Rivera at 2024-05-01T15:29:42-04:00
pypy3: Use versions published in unstable, not experimental
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53505,7 +53505,7 @@ CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in Pyth
- python3.7 <removed>
- python2.7 <removed>
[bullseye] - python2.7 2.7.18-8+deb11u1
- - pypy3 7.3.4~rc1+dfsg-1
+ - pypy3 7.3.5+dfsg-2
NOTE: https://bugs.python.org/issue40791
NOTE: https://github.com/python/cpython/commit/8183e11d87388e4e44e3242c42085b87a878f781 (v3.9.0b2)
NOTE: https://github.com/python/cpython/commit/c1bbca5b004b3f74d240ef8a76ff445cc1a27efb (v3.9.1rc1)
@@ -53518,7 +53518,7 @@ CVE-2022-48565 (An XML External Entity (XXE) issue was discovered in Python thro
- python3.7 <removed>
- python2.7 <removed>
[bullseye] - python2.7 2.7.18-8+deb11u1
- - pypy3 7.3.4~rc1+dfsg-1
+ - pypy3 7.3.5+dfsg-2
NOTE: https://bugs.python.org/issue42051
NOTE: https://github.com/python/cpython/issues/86217
NOTE: https://github.com/python/cpython/commit/05ee790f4d1cd8725a90b54268fc1dfe5b4d1fa2 (v3.10.0a2)
@@ -53531,7 +53531,7 @@ CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable t
- python3.9 3.9.1~rc1-1
- python3.7 <removed>
- python2.7 <not-affected> (In 2.7, the plistlib parser only supports XML and not the affected binary format)
- - pypy3 7.3.4~rc1+dfsg-1
+ - pypy3 7.3.5+dfsg-2
NOTE: https://bugs.python.org/issue42103
NOTE: https://github.com/python/cpython/issues/86269
NOTE: https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f (v3.10.0a2)
@@ -168597,7 +168597,7 @@ CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse
- python3.4 <removed>
- python2.7 <removed>
[bullseye] - python2.7 2.7.18-8+deb11u1
- - pypy3 7.3.6~rc2+dfsg-1
+ - pypy3 7.3.6+dfsg-1
[bullseye] - pypy3 <no-dsa> (Minor issue)
[buster] - pypy3 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue43882
@@ -175924,7 +175924,7 @@ CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File Transfe
[experimental] - python2.7 2.7.18-13.1~exp1
- python2.7 2.7.18-13.1
[bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
- - pypy3 7.3.8~rc1+dfsg-1
+ - pypy3 7.3.8+dfsg-1
[bullseye] - pypy3 <no-dsa> (Minor issue)
[buster] - pypy3 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue43285
@@ -196621,7 +196621,7 @@ CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response i
- python3.4 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
- - pypy3 7.3.8~rc1+dfsg-1
+ - pypy3 7.3.8+dfsg-1
[bullseye] - pypy3 <no-dsa> (Minor issue)
[buster] - pypy3 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue44022
@@ -197832,7 +197832,7 @@ CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An att
- python3.5 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
- - pypy3 7.3.8~rc1+dfsg-1
+ - pypy3 7.3.8+dfsg-1
[bullseye] - pypy3 <no-dsa> (Minor issue)
[buster] - pypy3 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue43075
@@ -223044,7 +223044,7 @@ CVE-2021-29921 (In Python before 3,9,5, the ipaddress library mishandles leading
- python3.9 3.9.7-1 (bug #989195)
[bullseye] - python3.9 <no-dsa> (Minor issue)
- python2.7 <not-affected> (Vulnerable code introduced later)
- - pypy3 7.3.8~rc1+dfsg-1
+ - pypy3 7.3.8+dfsg-1
[buster] - pypy3 <no-dsa> (Minor issue)
[bullseye] - pypy3 <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.python.org/issue36384#msg392423
@@ -260808,7 +260808,7 @@ CVE-2020-27619 (In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.p
- python3.8 <removed> (unimportant)
- python3.7 <removed> (unimportant)
- python2.7 <removed> (unimportant)
- - pypy3 7.3.4~rc1+dfsg-1
+ - pypy3 7.3.5+dfsg-2
NOTE: https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html
NOTE: https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8 (master)
NOTE: https://github.com/python/cpython/commit/a8bf44d04915f7366d9f8dfbf84822ac37a4bab3 (master)
@@ -264380,7 +264380,7 @@ CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.
- python3.5 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
- - pypy3 7.3.3~rc1+dfsg-1
+ - pypy3 7.3.3+dfsg-1
NOTE: https://bugs.python.org/issue39603
NOTE: https://python-security.readthedocs.io/vuln/http-header-injection-method.html
NOTE: https://github.com/python/cpython/commit/8ca8a2e8fb068863c1138f07e3098478ef8be12e (master)
@@ -287817,7 +287817,7 @@ CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able t
[buster] - python3.7 3.7.3-2+deb10u2
- python3.5 <removed> (low)
- python2.7 2.7.18-2 (low; bug #970099)
- - pypy3 7.3.3~rc1+dfsg-1
+ - pypy3 7.3.3+dfsg-1
NOTE: https://bugs.python.org/issue39017
NOTE: https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 (master)
NOTE: https://github.com/python/cpython/commit/f3232294ee695492f43d424cc6969d018d49861d (3.9-branch)
@@ -302807,7 +302807,7 @@ CVE-2020-10735 (A flaw was found in python. In algorithms with quadratic time co
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
[buster] - python2.7 <ignored> (Minor issue, CPU DoS, intrusive backport)
- - pypy3 7.3.10~rc3+dfsg-1
+ - pypy3 7.3.10+dfsg-1
[bullseye] - pypy3 <no-dsa> (Minor issue)
[buster] - pypy3 <no-dsa> (Minor issue)
NOTE: https://github.com/python/cpython/issues/95778
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90abd11fff54c95afa0f5727035be80ef638f801
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90abd11fff54c95afa0f5727035be80ef638f801
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240501/dba8ade9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list