[Git][security-tracker-team/security-tracker][master] Reserve DLA-4352-1 for python-authlib

Daniel Leidert (@dleidert) dleidert at debian.org
Wed Oct 29 03:22:19 GMT 2025 


Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
40d0b486 by Daniel Leidert at 2025-10-29T04:22:05+01:00
Reserve DLA-4352-1 for python-authlib

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -154208,7 +154208,6 @@ CVE-2024-37569 (An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x
 CVE-2024-37568 (lepture Authlib before 1.3.1 has algorithm confusion with asymmetric p ...)
 	- python-authlib 1.3.1-1
 	[bookworm] - python-authlib <no-dsa> (Minor issue)
-	[bullseye] - python-authlib <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/lepture/authlib/issues/654
 	NOTE: https://github.com/lepture/authlib/commit/3bea812acefebc9ee108aa24557be3ba8971daf1 (v1.3.1)
 CVE-2024-35748 (Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.T ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Oct 2025] DLA-4352-1 python-authlib - security update
+	{CVE-2024-37568 CVE-2025-59420 CVE-2025-61920 CVE-2025-62706}
+	[bullseye] - python-authlib 0.15.4-1+deb11u1
 [27 Oct 2025] DLA-4351-1 thunderbird - security update
 	{CVE-2025-11708 CVE-2025-11709 CVE-2025-11710 CVE-2025-11711 CVE-2025-11712 CVE-2025-11714 CVE-2025-11715}
 	[bullseye] - thunderbird 1:140.4.0esr-1~deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -286,10 +286,6 @@ pypy3
   NOTE: 20250718: Sponsored through pypy[v2] which is obsoleted in bullseye.
   NOTE: 20250718: Many postponed vulnerabilities, sync python3 fixes. (Beuc/front-desk)
 --
-python-authlib (dleidert)
-  NOTE: 20250930: Added by Front-Desk (rouca)
-  NOTE: 20251020: wip (dleidert)
---
 pytorch (dleidert)
   NOTE: 20250422: Added by Front-Desk (rouca)
   NOTE: 20250422: CVE-2025-32434 RCE need to be fixed. DoS may be postponed (rouca/FD)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40d0b4867274170bd314c4f49c52293e1ec6b63f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40d0b4867274170bd314c4f49c52293e1ec6b63f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251029/e4ce8ea8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list