[Git][security-tracker-team/security-tracker][master] Add CVE-2024-11168/python

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
197634a9 by Salvatore Bonaccorso at 2024-11-13T09:50:59+01:00
Add CVE-2024-11168/python

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -99,7 +99,13 @@ CVE-2024-21541 (All versions of the package dom-iterator are vulnerable to Arbit
 CVE-2024-21540 (All versions of the package source-map-support are vulnerable to Direc ...)
 	TODO: check
 CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions improperly valida ...)
-	TODO: check
+	- python3.12 <not-affected> (Fixed with first upload to Debian unstable)
+	- python3.11 3.11.4-1
+	- python3.9 <removed>
+	NOTE: https://github.com/python/cpython/issues/103848
+	NOTE: https://github.com/python/cpython/pull/103849
+	NOTE: https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 (v3.12.0b1)
+	NOTE: https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 (v3.11.4)
 CVE-2024-11150 (The WordPress User Extra Fields plugin for WordPress is vulnerable to  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11143 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/197634a930ebba1197aa7e7daf1203eeb836ee51

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/197634a930ebba1197aa7e7daf1203eeb836ee51
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241113/c1d6712c/attachment-0001.htm>