[Git][security-tracker-team/security-tracker][master] Reserve DLA-3966-1 for pypy3
Andrej Shadura (@andrewsh)
andrewsh at debian.org
Tue Nov 26 09:30:51 GMT 2024
Andrej Shadura pushed to branch master at Debian Security Tracker / security-tracker
Commits:
438b7217 by Andrej Shadura at 2024-11-26T10:30:27+01:00
Reserve DLA-3966-1 for pypy3
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -139694,7 +139694,6 @@ CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses e-m
[buster] - python2.7 <postponed> (Minor issue)
- pypy3 <unfixed> (bug #1072179)
[bookworm] - pypy3 <postponed> (Minor issue, wait until upstream has decided whether to backport to older branches)
- [bullseye] - pypy3 <postponed> (Minor issue)
[buster] - pypy3 <postponed> (Minor issue)
NOTE: https://github.com/python/cpython/issues/102988
NOTE: https://github.com/python/cpython/commit/15068242bd4405475f70a81805a8895ca309a310 (v3.12.6)
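Review bot: In the CVE-2023-27043 entry, the bullseye `<postponed>` line is removed while `[bookworm] - pypy3 <postponed> (Minor issue, wait until upstream has decided whether to backport to older branches)` stays, so the issue ends up recorded as fixed in bullseye by DLA-3966-1 but still open in bookworm. If that ordering is intended, a NOTE saying so would help. Otherwise the bookworm line deserves a revisit, so that an upgrade from bullseye to bookworm does not lose the fix.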
@@ -165619,7 +165618,6 @@ CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
- pypy3 7.3.11+dfsg-1
- [bullseye] - pypy3 <no-dsa> (Minor issue)
[buster] - pypy3 <no-dsa> (Minor issue)
NOTE: https://github.com/python/cpython/issues/98433
NOTE: https://github.com/python/cpython/pull/99092
@@ -228505,7 +228503,6 @@ CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse
- python2.7 <removed>
[bullseye] - python2.7 2.7.18-8+deb11u1
- pypy3 7.3.6+dfsg-1
- [bullseye] - pypy3 <no-dsa> (Minor issue)
[buster] - pypy3 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue43882
NOTE: Regressions reported for django, boto-core and cloud-init
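Review bot: The CVE-2022-0391 entry still carries `NOTE: Regressions reported for django, boto-core and cloud-init`, and this hunk moves bullseye pypy3 from `<no-dsa>` to being covered by the DLA. A further NOTE stating whether those regressions were checked against the pypy3 backport in 7.3.5+dfsg-2+deb11u4 would save the next triager from repeating that check.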
@@ -256488,7 +256485,6 @@ CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response i
- python2.7 <removed>
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
- pypy3 7.3.8+dfsg-1
- [bullseye] - pypy3 <no-dsa> (Minor issue)
[buster] - pypy3 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue44022
NOTE: https://github.com/python/cpython/pull/25916
@@ -362678,7 +362674,6 @@ CVE-2020-10735 (A flaw was found in python. In algorithms with quadratic time co
[bullseye] - python2.7 <ignored> (Unsupported in Bullseye, only included to build a few applications)
[buster] - python2.7 <ignored> (Minor issue, CPU DoS, intrusive backport)
- pypy3 7.3.10+dfsg-1
- [bullseye] - pypy3 <no-dsa> (Minor issue)
[buster] - pypy3 <no-dsa> (Minor issue)
NOTE: https://github.com/python/cpython/issues/95778
NOTE: https://github.com/python/cpython/pull/96499
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Nov 2024] DLA-3966-1 pypy3 - security update
+ {CVE-2020-10735 CVE-2020-29651 CVE-2021-3737 CVE-2021-28861 CVE-2022-0391 CVE-2022-45061 CVE-2023-27043 CVE-2024-9287}
+ [bullseye] - pypy3 7.3.5+dfsg-2+deb11u4
[24 Nov 2024] DLA-3965-1 ghostscript - security update
{CVE-2024-46951 CVE-2024-46953 CVE-2024-46955 CVE-2024-46956}
[bullseye] - ghostscript 9.53.3~dfsg-7+deb11u9
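Review bot: The CVE set on the new DLA-3966-1 entry names eight CVEs, but the data/CVE/list part of this commit removes a bullseye pypy3 annotation for only five of them (CVE-2020-10735, CVE-2021-3737, CVE-2022-0391, CVE-2022-45061, CVE-2023-27043). Please confirm that CVE-2020-29651, CVE-2021-28861 and CVE-2024-9287 have no remaining `[bullseye] - pypy3` triage line that would contradict the 7.3.5+dfsg-2+deb11u4 fix recorded here.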
=====================================
data/dla-needed.txt
=====================================
@@ -154,10 +154,6 @@ proftpd-dfsg (rouca)
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: Follow fixes from bookworm 12.5 (2 CVEs) (Beuc/front-desk)
--
-pypy3 (andrewsh)
- NOTE: 20240930: Added by Front-Desk (Beuc)
- NOTE: 20241124: Needs fixing other pending CVEs (Beuc/front-desk)
---
python-aiohttp
NOTE: 20240523: Added by oldstable Security Team (jmm)
NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/438b7217e8453450c2ca7c65b26f5e1b149fc7c3