[Git][security-tracker-team/security-tracker][master] Add CVE-2025-8869/python-pip
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 24 21:39:17 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f92ac21 by Salvatore Bonaccorso at 2025-09-24T22:38:58+02:00
Add CVE-2025-8869/python-pip
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,10 @@ CVE-2025-9054 (The MultiLoca - WooCommerce Multi Locations Inventory Management
CVE-2025-9031 (Observable Timing Discrepancy vulnerability in DivvyDrive Information ...)
NOT-FOR-US: DivvyDrive Web
CVE-2025-8869 (When extracting a tar archive pip may not check symbolic links point i ...)
- TODO: check
+ - python-pip <unfixed>
+ NOTE: https://github.com/pypa/pip/pull/13550
+ NOTE: Merge commit: https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a
+ NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/
CVE-2025-59828 (Claude Code is an agentic coding tool. Prior to Claude Code version 1. ...)
NOT-FOR-US: Claude Code
CVE-2025-59824 (Omni manages Kubernetes on bare metal, virtual machines, or in a cloud ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f92ac21421455b81e908290cb307fb25bef86b0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f92ac21421455b81e908290cb307fb25bef86b0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250924/cca23a52/attachment.htm>
More information about the debian-security-tracker-commits
mailing list