[Git][security-tracker-team/security-tracker][master] new poetry issue
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 25 15:28:18 BST 2026
Hoi,
On Fri, Apr 24, 2026 at 10:38:39PM +0000, Moritz Muehlenhoff (@jmm) wrote:
> =====================================
> data/CVE/list
> =====================================
> @@ -105,7 +105,10 @@ CVE-2026-41322 (@astrojs/node allows Astro to deploy your SSR site to Node targe
> CVE-2026-41321 (@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers ...)
> NOT-FOR-US: @astrojs/cloudflare
> CVE-2026-41140 (Poetry is a dependency manager for Python. Prior to 2.3.4, the extract ...)
> - TODO: check
> + - poetry <unfixed>
> + [trixie] - poetry <not-affected> (Trixie ships Python 3.13)
> + NOTE: https://github.com/python-poetry/poetry/security/advisories/GHSA-73h3-mf4w-8647
> + NOTE: https://github.com/python-poetry/poetry/commit/47e97340cae50d3698aac858732788861ba8dd1f
Koennen wir stattessen dies zu <ignored> konvertieren (Und
thoeretisch dann ein non-issue)?
Gruss,
Salvatore
More information about the debian-security-tracker-commits
mailing list