[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVEs of jython as EOL in Bullseye
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Thu Jun 5 18:57:20 BST 2025
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8fe70486 by Thorsten Alteholz at 2025-06-05T19:54:34+02:00
mark CVEs of jython as EOL in Bullseye
- - - - -
759adeda by Thorsten Alteholz at 2025-06-05T19:56:59+02:00
mark CVEs of python2.7 as EOL in Bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -473,8 +473,10 @@ CVE-2025-4517 (Allows arbitrary filesystem writes outside the extraction directo
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (EOLed in Bullseye)
- jython <unfixed>
[bookworm] - jython <no-dsa> (Minor issue)
+ [bullseye] - jython <end-of-life> (EOLed in Bullseye)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
@@ -488,8 +490,10 @@ CVE-2025-4435 (When using a TarFile.errorlevel = 0and extracting with a filter t
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (EOLed in Bullseye)
- jython <unfixed>
[bookworm] - jython <no-dsa> (Minor issue)
+ [bullseye] - jython <end-of-life> (EOLed in Bullseye)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
@@ -507,8 +511,10 @@ CVE-2025-4330 (Allows the extraction filter to be ignored, allowing symlink targ
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (EOLed in Bullseye)
- jython <unfixed>
[bookworm] - jython <no-dsa> (Minor issue)
+ [bullseye] - jython <end-of-life> (EOLed in Bullseye)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
@@ -524,8 +530,10 @@ CVE-2025-4138 (Allows the extraction filter to be ignored, allowing symlink targ
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (EOLed in Bullseye)
- jython <unfixed>
[bookworm] - jython <no-dsa> (Minor issue)
+ [bullseye] - jython <end-of-life> (EOLed in Bullseye)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
@@ -621,8 +629,10 @@ CVE-2024-12718 (Allows modifying some file metadata (e.g. last modified) with fi
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (EOLed in Bullseye)
- jython <unfixed>
[bookworm] - jython <no-dsa> (Minor issue)
+ [bullseye] - jython <end-of-life> (EOLed in Bullseye)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e3ca26c09aee8d0f147ca35d4fee13b145a92232...759adedac425db9b96605add5d17391e6b90ff12
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e3ca26c09aee8d0f147ca35d4fee13b145a92232...759adedac425db9b96605add5d17391e6b90ff12
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250605/b6232b93/attachment.htm>
More information about the debian-security-tracker-commits
mailing list