[Git][security-tracker-team/security-tracker][pypy3-triage] 4 commits: automatic update
Stefano Rivera (@stefanor)
stefanor at debian.org
Sun Jul 6 16:33:27 BST 2025
Stefano Rivera pushed to branch pypy3-triage at Debian Security Tracker / security-tracker
Commits:
51264008 by security tracker role at 2025-07-06T08:12:02+00:00
automatic update
- - - - -
df4bac5b by Salvatore Bonaccorso at 2025-07-06T13:45:32+02:00
Process some NFUs
- - - - -
0a068746 by Salvatore Bonaccorso at 2025-07-06T14:58:12+02:00
Add CVE-2025-38235/linux
- - - - -
48a1ed00 by Stefano Rivera at 2025-07-06T17:33:15+02:00
Triage pypy3 bugs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,132 @@
-CVE-2025-7074 (A vulnerability classified as problematic has been found in vercel hyp ...)
+CVE-2025-38235 [HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting]
+ - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4540e41e753a7d69ecd3f5bad51fe620205c3a18 (6.16-rc4)
+CVE-2025-7077 (A vulnerability classified as critical has been found in Shenzhen Libi ...)
+ NOT-FOR-US: Shenzhen Libituo Technology LBT-T300-T310
+CVE-2025-7076 (A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It ...)
+ NOT-FOR-US: BlackVue Dashcam 590X
+CVE-2025-7075 (A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It ...)
+ NOT-FOR-US: BlackVue Dashcam 590X
+CVE-2025-6022
+ REJECTED
+CVE-2025-5316
+ REJECTED
+CVE-2025-5104
+ REJECTED
+CVE-2025-4950
+ REJECTED
+CVE-2025-4694
+ REJECTED
+CVE-2025-3896
+ REJECTED
+CVE-2025-3524
+ REJECTED
+CVE-2025-3283
+ REJECTED
+CVE-2025-3156
+ REJECTED
+CVE-2025-3094
+ REJECTED
+CVE-2025-2904
+ REJECTED
+CVE-2025-2856
+ REJECTED
+CVE-2025-2718
+ REJECTED
+CVE-2025-2504
+ REJECTED
+CVE-2025-2422
+ REJECTED
+CVE-2025-27446 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
TODO: check
+CVE-2025-1990
+ REJECTED
+CVE-2025-1772
+ REJECTED
+CVE-2025-1737
+ REJECTED
+CVE-2025-1631
+ REJECTED
+CVE-2025-1573
+ REJECTED
+CVE-2025-1569
+ REJECTED
+CVE-2025-1318
+ REJECTED
+CVE-2025-1317
+ REJECTED
+CVE-2025-1297
+ REJECTED
+CVE-2025-1234
+ REJECTED
+CVE-2025-0654
+ REJECTED
+CVE-2025-0305
+ REJECTED
+CVE-2024-9012
+ REJECTED
+CVE-2024-8895
+ REJECTED
+CVE-2024-7403
+ REJECTED
+CVE-2024-6616
+ REJECTED
+CVE-2024-6475
+ REJECTED
+CVE-2024-6474
+ REJECTED
+CVE-2024-5900
+ REJECTED
+CVE-2024-5054
+ REJECTED
+CVE-2024-5007
+ REJECTED
+CVE-2024-4938
+ REJECTED
+CVE-2024-3960
+ REJECTED
+CVE-2024-3953
+ REJECTED
+CVE-2024-3510
+ REJECTED
+CVE-2024-2219
+ REJECTED
+CVE-2024-12804
+ REJECTED
+CVE-2024-12762
+ REJECTED
+CVE-2024-12758
+ REJECTED
+CVE-2024-12685
+ REJECTED
+CVE-2024-12681
+ REJECTED
+CVE-2024-12154
+ REJECTED
+CVE-2024-11505
+ REJECTED
+CVE-2024-11389
+ REJECTED
+CVE-2024-11105
+ REJECTED
+CVE-2024-10243
+ REJECTED
+CVE-2024-10212
+ REJECTED
+CVE-2024-0398
+ REJECTED
+CVE-2023-6820
+ REJECTED
+CVE-2023-6818
+ REJECTED
+CVE-2023-6770
+ REJECTED
+CVE-2023-6726
+ REJECTED
+CVE-2023-5361
+ REJECTED
+CVE-2025-7074 (A vulnerability classified as problematic has been found in vercel hyp ...)
+ NOT-FOR-US: vercel hyper
CVE-2025-7070 (A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and ...)
NOT-FOR-US: IROAD Dashcam Q9
CVE-2025-7069 (A vulnerability, which was classified as problematic, was found in HDF ...)
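Review bot: the CVE-2025-38235 entry marks linux as `<not-affected> (Vulnerable code not present)` but records only the fixing commit (4540e41e753a..., 6.16-rc4). A NOTE naming the commit or release that introduced the affected appletb-kbd backlight reference handling would let a later reader confirm that no kernel in the archive carries it. Separately, CVE-2025-27446 is still at `TODO: check` in this hunk and remains open for triage.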
@@ -9826,6 +9953,7 @@ CVE-2025-4330 (Allows the extraction filter to be ignored, allowing symlink targ
- python3.11 <removed>
[bookworm] - python3.11 <not-affected> (Vulnerable code didn't get backported to the version in Bookworm)
- python3.9 <not-affected> (Vulnerable code got backported to 3.9.17, but dropped from sid with 3.9.13)
+ - pypy3 7.3.18+dfsg-1
- python2.7 <not-affected> (Vulnerable code introduced in 3.12)
- jython <not-affected> (Vulnerable code introduced in 3.12)
NOTE: https://github.com/python/cpython/issues/135034
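Review bot: the added line `- pypy3 7.3.18+dfsg-1` for CVE-2025-4330 gives a fixed version with no NOTE showing where the fix entered pypy3. The neighbouring entries justify their status by CPython version (backported to 3.9.17, introduced in 3.12), so a NOTE pointing at the pypy change or release that picked up the extraction filter fix would make the version claim checkable.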
@@ -9949,6 +10077,7 @@ CVE-2024-12718 (Allows modifying some file metadata (e.g. last modified) with fi
- python3.9 <not-affected> (Vulnerable code introduced in 3.12)
- python2.7 <not-affected> (Vulnerable code introduced in 3.12)
- jython <not-affected> (Vulnerable code introduced in 3.12)
+ - pypy3 <not-affected> (Vulnerable code introduced in 3.12)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
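Review bot: the reason on the added pypy3 line, `(Vulnerable code introduced in 3.12)`, is copied from the CPython-derived entries above it and names a CPython version, which does not by itself say what pypy3 ships. The CVE-2025-4330 entry cites the same cpython issue 135034 yet records pypy3 as fixed in 7.3.18+dfsg-1 rather than not-affected, so consider stating which Python language level the pypy3 standard library tracks, so that the two entries read consistently.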
@@ -14928,6 +15057,7 @@ CVE-2025-4516 (There is an issue in CPython when using `bytes.decode("unicode_es
[bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
[bullseye] - python3.9 <postponed> (Minor issue, likely DoS-only, fix along with next update)
+ - pypy3 <not-affected> (Vulnerable code not present; memory error in C code implementation)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/
NOTE: PoC: https://www.openwall.com/lists/oss-security/2025/05/19/1
NOTE: https://github.com/python/cpython/issues/133767
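Review bot: the pypy3 reason packs two claims into one parenthesis, `(Vulnerable code not present; memory error in C code implementation)`, and leaves the link between them implicit. Suggest wording it so the causal step is explicit (if the intended meaning is that the flaw sits in CPython's C implementation, which pypy3 does not share). If the PoC in the NOTE below was run against pypy3, record that result in a NOTE as well.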
@@ -39996,6 +40126,7 @@ CVE-2025-1795 (During an address list folding when a separating comma ends up on
- python3.11 <removed>
[bookworm] - python3.11 3.11.2-6+deb12u6
- python3.9 <removed>
+ - pypy3 7.3.18+dfsg-1
NOTE: https://github.com/python/cpython/issues/100884
NOTE: Regression issue: https://github.com/python/cpython/issues/118643
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/
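Review bot: the added `- pypy3 7.3.18+dfsg-1` for CVE-2025-1795 does not say whether that version also carries the follow-up tracked in the `Regression issue` NOTE (cpython issue 118643). A short NOTE confirming that pypy3 7.3.18 includes both the fix and the regression fix, or that the regression does not apply, would avoid a later re-triage.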
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1b63c5a0a86d120fcab7b541d4a2a96534b49871...48a1ed00855c9f7f72e407a0ac26e38ce55dc911