[Git][security-tracker-team/security-tracker][master] Add CVE-2025-0938/python

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 1 20:34:47 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
74674221 by Salvatore Bonaccorso at 2025-02-01T21:34:19+01:00
Add CVE-2025-0938/python

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -177,7 +177,18 @@ CVE-2025-22332 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-22265 (Missing Authorization vulnerability in mgplugin EMI Calculator allows  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-0938 (The Python standard library functions `urllib.parse.urlsplit` and `url ...)
-	TODO: check
+	- python3.13 <unfixed>
+	- python3.12 <unfixed>
+	- python3.11 <removed>
+	- python3.9 <removed>
+	- pypy3 <unfixed>
+	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/
+	NOTE: https://github.com/python/cpython/issues/105704
+	NOTE: https://github.com/python/cpython/pull/129418
+	NOTE: https://github.com/python/cpython/pull/129526 (3.13)
+	NOTE: https://github.com/python/cpython/pull/129527 (3.12)
+	NOTE: https://github.com/python/cpython/pull/129528 (3.11)
+	NOTE: https://github.com/python/cpython/pull/129530 (3.9)
 CVE-2025-0934 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...)
 	NOT-FOR-US: code-projects Job Recruitment
 CVE-2025-0930 (Reflected Cross-Site Scripting (XSS) in TeamCal Neo, version 3.8.2. Th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/746742216eab3fafa0f432fa610e212ab5f4f44f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/746742216eab3fafa0f432fa610e212ab5f4f44f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250201/a9768a0f/attachment.htm>

More information about the debian-security-tracker-commits mailing list