[Git][security-tracker-team/security-tracker][master] Add CVE-2025-8194/pythonAdd CVE-2025-8194/python
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 29 08:05:01 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
46f16c1c by Salvatore Bonaccorso at 2025-07-29T09:04:30+02:00
Add CVE-2025-8194/pythonAdd CVE-2025-8194/python
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24,7 +24,18 @@ CVE-2025-8266 (A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.
CVE-2025-8265 (A vulnerability classified as critical has been found in 299Ko CMS 2.0 ...)
NOT-FOR-US: 299Ko CMS
CVE-2025-8194 (There is a defect in the CPython \u201ctarfile\u201d module affecting ...)
- TODO: check
+ - python3.13 <unfixed>
+ - python3.12 <unfixed>
+ - python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
+ - python3.9 <removed>
+ - python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
+ NOTE: https://github.com/python/cpython/issues/130577
+ NOTE: https://github.com/python/cpython/pull/137027
+ NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/
+ NOTE: Fixed by: https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38 (main)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe (3.13-branch)
CVE-2025-7676 (DLL hijacking of all PE32 executables when run on Windows for ARM64 CP ...)
NOT-FOR-US: Microsoft
CVE-2025-6918 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46f16c1cbd9e953f37d430325bbd5f4bfe3878df
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46f16c1cbd9e953f37d430325bbd5f4bfe3878df
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250729/5313a5ab/attachment.htm>
More information about the debian-security-tracker-commits
mailing list