[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-8869/python-pip
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Oct 26 07:37:54 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
773d6f2a by Salvatore Bonaccorso at 2025-10-26T08:36:46+01:00
Update status for CVE-2025-8869/python-pip
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10816,9 +10816,9 @@ CVE-2025-9054 (The MultiLoca - WooCommerce Multi Locations Inventory Management
CVE-2025-9031 (Observable Timing Discrepancy vulnerability in DivvyDrive Information ...)
NOT-FOR-US: DivvyDrive Web
CVE-2025-8869 (When extracting a tar archive pip may not check symbolic links point i ...)
- - python-pip <unfixed> (bug #1116336)
+ - python-pip 25.3+dfsg-1 (bug #1116336)
NOTE: https://github.com/pypa/pip/pull/13550
- NOTE: Merge commit: https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a
+ NOTE: Merge commit: https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a (25.3)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/
CVE-2025-59828 (Claude Code is an agentic coding tool. Prior to Claude Code version 1. ...)
NOT-FOR-US: Claude Code
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/773d6f2aa7fe39452537c45421c2b7f15405b2f3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/773d6f2aa7fe39452537c45421c2b7f15405b2f3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251026/e054859f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list