[Git][security-tracker-team/security-tracker][master] CVE-2018-14647: reference expat vulnerabilities required to exploit

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b48bdc71 by Sylvain Beucler at 2025-02-10T20:44:08+01:00
CVE-2018-14647: reference expat vulnerabilities required to exploit

Useful when checking alternate Python/elementtree implementations.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -481603,6 +481603,7 @@ CVE-2018-14647 (Python's elementtree C accelerator failed to initialise Expat's
 	NOTE: 3.7: https://github.com/python/cpython/commit/470a435f3b42c9be5fdb7f7b04f3df5663ba7305
 	NOTE: 3.6: https://github.com/python/cpython/commit/f7666e828cc3d5873136473ea36ba2013d624fa1
 	NOTE: 2.7: https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2
+	NOTE: Vulnerability depends on expat CVE-2012-0876 / CVE-2012-6702 / CVE-2016-5300
 CVE-2018-14646 (The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL  ...)
 	- linux <not-affected> (Vulnerable code not present in any version released; apart experimental)
 	NOTE: Fixed by: https://git.kernel.org/linus/f428fe4a04cc339166c8bbd489789760de3a0cee



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b48bdc71146cf6969efc3de988394798d213f175

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b48bdc71146cf6969efc3de988394798d213f175
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250210/a4c86123/attachment.htm>