[Git][security-tracker-team/security-tracker][master] Reserve DLA-4197-1 for python-flask-cors
Daniel Leidert (@dleidert)
dleidert at debian.org
Sat May 31 03:19:06 BST 2025
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6508732 by Daniel Leidert at 2025-05-31T04:18:43+02:00
Reserve DLA-4197-1 for python-flask-cors
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -23952,7 +23952,6 @@ CVE-2024-6982 (A remote code execution vulnerability exists in the Calculate fun
CVE-2024-6866 (corydolphin/flask-cors version 4.01 contains a vulnerability where the ...)
- python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue)
- [bullseye] - python-flask-cors <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6
NOTE: https://github.com/advisories/GHSA-43qf-4rqw-9q2g
NOTE: Fixed by: https://github.com/corydolphin/flask-cors/commit/eb39516a3c96b90d0ae5f51293972395ec3ef358 (6.0.0)
@@ -23965,7 +23964,6 @@ CVE-2024-6851 (In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup
CVE-2024-6844 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ...)
- python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue)
- [bullseye] - python-flask-cors <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/731a6cd4-d05f-4fe6-8f5b-fe088d7b34e0
NOTE: https://github.com/corydolphin/flask-cors/issues/385
NOTE: https://github.com/advisories/GHSA-8vgw-p6qm-5gr7
@@ -23977,7 +23975,6 @@ CVE-2024-6841 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the l
CVE-2024-6839 (corydolphin/flask-cors version 4.0.1 contains an improper regex path m ...)
- python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue)
- [bullseye] - python-flask-cors <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/403eb1fc-86f4-4820-8eba-0f3dfae9f2b4
NOTE: https://github.com/advisories/GHSA-7rxf-gvfg-47g4
NOTE: Fixed by: https://github.com/corydolphin/flask-cors/commit/e970988bea563e05e8b8f53fa7bcc134b5bf5c5f (6.0.0, incomplete fix)
@@ -121892,7 +121889,6 @@ CVE-2024-21846 (An unauthenticated attacker can reset the board and stop transmi
CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the log lev ...)
- python-flask-cors 4.0.1-1 (bug #1069764)
[bookworm] - python-flask-cors <no-dsa> (Minor issue)
- [bullseye] - python-flask-cors <no-dsa> (Minor issue)
[buster] - python-flask-cors <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/25a7a0ba-9fa2-4777-acb6-03e5539bb644
NOTE: https://github.com/corydolphin/flask-cors/issues/349
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 May 2025] DLA-4197-1 python-flask-cors - security update
+ {CVE-2024-1681 CVE-2024-6839 CVE-2024-6844 CVE-2024-6866}
+ [bullseye] - python-flask-cors 3.0.9-2+deb11u1
[30 May 2025] DLA-4196-1 kmail-account-wizard - security update
{CVE-2024-50624}
[bullseye] - kmail-account-wizard 4:20.08.3-1+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -329,10 +329,6 @@ python-django (Chris Lamb)
NOTE: 20250507: Added on request from lamby about CVE-2025-32873.
NOTE: 20250507: Many postponed vulnerabilities to fix as well (Beuc/front-desk)
--
-python-flask-cors (dleidert)
- NOTE: 20250422: Added by Front-Desk (rouca)
- NOTE: 20250519: WIP (dleidert)
---
pytorch
NOTE: 20250422: Added by Front-Desk (rouca)
NOTE: 20250422: CVE-2025-32434 RCE need to be fixed. DoS may be postponed (rouca/FD)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6508732019629e84e157ab30eca49f37d5d8e71
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6508732019629e84e157ab30eca49f37d5d8e71
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250531/129d5dc9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list