[Git][security-tracker-team/security-tracker][pypy3-triage] 2 commits: automatic update
Stefano Rivera (@stefanor)
stefanor at debian.org
Sat Jul 5 22:47:07 BST 2025
Stefano Rivera pushed to branch pypy3-triage at Debian Security Tracker / security-tracker
Commits:
d64220e2 by security tracker role at 2025-07-05T20:12:03+00:00
automatic update
- - - - -
1b63c5a0 by Stefano Rivera at 2025-07-05T23:46:34+02:00
Triage pypy3 bugs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2025-7074 (A vulnerability classified as problematic has been found in vercel hyp ...)
+ TODO: check
CVE-2025-7070 (A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and ...)
NOT-FOR-US: IROAD Dashcam Q9
CVE-2025-7069 (A vulnerability, which was classified as problematic, was found in HDF ...)
@@ -9824,6 +9826,7 @@ CVE-2025-4330 (Allows the extraction filter to be ignored, allowing symlink targ
- python3.11 <removed>
[bookworm] - python3.11 <not-affected> (Vulnerable code didn't get backported to the version in Bookworm)
- python3.9 <not-affected> (Vulnerable code got backported to 3.9.17, but dropped from sid with 3.9.13)
+ - pypy3 7.3.18+dfsg-1
- python2.7 <not-affected> (Vulnerable code introduced in 3.12)
- jython <not-affected> (Vulnerable code introduced in 3.12)
NOTE: https://github.com/python/cpython/issues/135034
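Review bot: the added `- pypy3 7.3.18+dfsg-1` line under CVE-2025-4330 gives a fixed version with no supporting NOTE and no per-release status, while the python3.11 entry above it carries a `[bookworm]` line with a stated reason. Suggest adding a NOTE that points at the pypy change or release which brought in the fix, plus explicit per-suite lines for any release shipping an older pypy3, so the fixed-in claim can be verified from the entry itself.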
@@ -9947,6 +9950,7 @@ CVE-2024-12718 (Allows modifying some file metadata (e.g. last modified) with fi
- python3.9 <not-affected> (Vulnerable code introduced in 3.12)
- python2.7 <not-affected> (Vulnerable code introduced in 3.12)
- jython <not-affected> (Vulnerable code introduced in 3.12)
+ - pypy3 <not-affected> (Vulnerable code introduced in 3.12)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
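Review bot: the reason on the added pypy3 line, `(Vulnerable code introduced in 3.12)`, is copied from the neighbouring entries and names a CPython version rather than anything about pypy3. Suggest stating which Python stdlib level the packaged pypy3 implements, because the not-affected status stops holding once pypy3 moves to a 3.12-level stdlib and nothing in the entry as written would flag that.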
@@ -14926,6 +14930,7 @@ CVE-2025-4516 (There is an issue in CPython when using `bytes.decode("unicode_es
[bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
[bullseye] - python3.9 <postponed> (Minor issue, likely DoS-only, fix along with next update)
+ - pypy3 <not-affected> (Memory error in C code)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/
NOTE: PoC: https://www.openwall.com/lists/oss-security/2025/05/19/1
NOTE: https://github.com/python/cpython/issues/133767
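Review bot: `(Memory error in C code)` on the added pypy3 line describes the bug class, not why pypy3 is unaffected. If the reasoning is that the flaw sits in CPython's C implementation of the `unicode_escape` decoder and pypy3 does not use that code, suggest saying so in the parenthesis, so a later reader does not have to re-derive it from the linked issue.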
@@ -39994,6 +39999,7 @@ CVE-2025-1795 (During an address list folding when a separating comma ends up on
- python3.11 <removed>
[bookworm] - python3.11 3.11.2-6+deb12u6
- python3.9 <removed>
+ - pypy3 7.3.18+dfsg-1
NOTE: https://github.com/python/cpython/issues/100884
NOTE: Regression issue: https://github.com/python/cpython/issues/118643
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/
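Review bot: the added `- pypy3 7.3.18+dfsg-1` line under CVE-2025-1795 does not say whether that version also contains the follow-up tracked in the `Regression issue` NOTE below it. Suggest a short NOTE recording which upstream fix pypy3 7.3.18 picked up and whether the regression fix is included.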
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/db69b6e69c87d89aea82da080892e5faf4e36e26...1b63c5a0a86d120fcab7b541d4a2a96534b49871