[Git][security-tracker-team/security-tracker][master] new python issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 16 07:19:14 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd6e0552 by Moritz Muehlenhoff at 2025-05-16T08:18:11+02:00
new python issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,7 +47,15 @@ CVE-2025-4695 (A vulnerability was found in PHPGurukul Cyber Cafe Management Sys
 CVE-2025-4564 (The TicketBAI Facturas para WooCommerce plugin for WordPress is vulner ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4516 (There is an issue in CPython when using `bytes.decode("unicode_escape" ...)
-	TODO: check
+	- python3.13 <unfixed>
+	- python3.12 <unfixed>
+	- python3.11 <removed>
+	- python3.9 <removed>
+	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/
+	NOTE: https://github.com/python/cpython/issues/133767
+	NOTE: https://github.com/python/cpython/pull/129648https://github.com/python/cpython/pull/129648
+	NOTE: https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e (main)
+	NOTE: https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 (3.14)
 CVE-2025-48051 (powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some ap ...)
 	NOT-FOR-US: Lichess Lila
 CVE-2025-48050 (In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd6e0552d94501912b554c26300c4ea19494be0f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd6e0552d94501912b554c26300c4ea19494be0f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250516/1fba93d6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list