[Git][security-tracker-team/security-tracker][master] Add new python issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 3 21:45:45 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
33b26563 by Salvatore Bonaccorso at 2025-06-03T22:45:21+02:00
Add new python issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,19 +59,67 @@ CVE-2025-5103 (The Ultimate Gift Cards for WooCommerce plugin for WordPress is v
CVE-2025-4671 (The Profile Builder plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4517 (Allows arbitrary filesystem writes outside the extraction directory du ...)
- TODO: check
+ - python3.13 3.13.4-1
+ - python3.12 <unfixed>
+ - python3.11 <removed>
+ - python3.9 <removed>
+ - python2.7 <removed>
+ - jython <unfixed>
+ NOTE: https://github.com/python/cpython/issues/135034
+ NOTE: https://github.com/python/cpython/pull/135037
+ NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
+ NOTE: Fixed by: https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a (main)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a (3.14)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01 (3.13.4)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da (3.12.11)
CVE-2025-4435 (When using a TarFile.errorlevel = 0and extracting with a filter the do ...)
- TODO: check
+ - python3.13 3.13.4-1
+ - python3.12 <unfixed>
+ - python3.11 <removed>
+ - python3.9 <removed>
+ - python2.7 <removed>
+ - jython <unfixed>
+ NOTE: https://github.com/python/cpython/issues/135034
+ NOTE: https://github.com/python/cpython/pull/135037
+ NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
+ NOTE: Fixed by: https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a (main)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a (3.14)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01 (3.13.4)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da (3.12.11)
CVE-2025-4420 (The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce pl ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4392 (The Shared Files \u2013 Frontend File Upload Form & Secure File Sharin ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4330 (Allows the extraction filter to be ignored, allowing symlink targets t ...)
- TODO: check
+ - python3.13 3.13.4-1
+ - python3.12 <unfixed>
+ - python3.11 <removed>
+ - python3.9 <removed>
+ - python2.7 <removed>
+ - jython <unfixed>
+ NOTE: https://github.com/python/cpython/issues/135034
+ NOTE: https://github.com/python/cpython/pull/135037
+ NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
+ NOTE: Fixed by: https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a (main)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a (3.14)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01 (3.13.4)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da (3.12.11)
CVE-2025-4205 (The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4138 (Allows the extraction filter to be ignored, allowing symlink targets t ...)
- TODO: check
+ - python3.13 3.13.4-1
+ - python3.12 <unfixed>
+ - python3.11 <removed>
+ - python3.9 <removed>
+ - python2.7 <removed>
+ - jython <unfixed>
+ NOTE: https://github.com/python/cpython/issues/135034
+ NOTE: https://github.com/python/cpython/pull/135037
+ NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
+ NOTE: Fixed by: https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a (main)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a (3.14)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01 (3.13.4)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da (3.12.11)
CVE-2025-48998 (DataEase is an open source business intelligence and data visualizatio ...)
NOT-FOR-US: DataEase
CVE-2025-48997 (Multer is a node.js middleware for handling `multipart/form-data`. A v ...)
@@ -147,7 +195,19 @@ CVE-2024-45655 (IBM Application Gateway 19.12 through 24.09 could allow a local
CVE-2024-36486 (A privilege escalation vulnerability exists in the virtual machine arc ...)
TODO: check
CVE-2024-12718 (Allows modifying some file metadata (e.g. last modified) with filter=" ...)
- TODO: check
+ - python3.13 3.13.4-1
+ - python3.12 <unfixed>
+ - python3.11 <removed>
+ - python3.9 <removed>
+ - python2.7 <removed>
+ - jython <unfixed>
+ NOTE: https://github.com/python/cpython/issues/135034
+ NOTE: https://github.com/python/cpython/pull/135037
+ NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
+ NOTE: Fixed by: https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a (main)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a (3.14)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01 (3.13.4)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da (3.12.11)
CVE-2024-47081
- requests <unfixed>
[bookworm] - requests <postponed> (Minor issue; revisit when fixed upstream)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33b2656334faa49cde20efa961b546ff0dd4b818
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33b2656334faa49cde20efa961b546ff0dd4b818
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250603/38a3c010/attachment.htm>
More information about the debian-security-tracker-commits
mailing list