[Git][security-tracker-team/security-tracker][master] bugnums

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03b9df0a by Moritz Muehlenhoff at 2026-04-27T23:12:15+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1856,7 +1856,7 @@ CVE-2026-6019 (http.cookies.Morsel.js_output() returns an inline <script> snippe
 	- python3.11 <removed>
 	[bookworm] - python3.11 <no-dsa> (Minor issue)
 	- python3.9 <removed>
-	- pypy3 <unfixed>
+	- pypy3 <unfixed> (bug #1135116)
 	[trixie] - pypy3 <no-dsa> (Minor issue)
 	[bookworm] - pypy3 <no-dsa> (Minor issue)
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/
@@ -7242,10 +7242,7 @@ CVE-2026-6100 (Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`,
 	- python3.9 <removed>
 	- python2.7 <removed>
 	[bullseye] - python2.7 <end-of-life> (not supported in bullseye)
-	- pypy3 <unfixed>
-	[trixie] - pypy3 <no-dsa> (Minor issue)
-	[bookworm] - pypy3 <no-dsa> (Minor issue)
-	[bullseye] - pypy3 <no-dsa> (Minor issue)
+	- pypy3 <not-affected> (pypy uses a different implementation in pure Python)
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/
 	NOTE: https://github.com/python/cpython/issues/148395
 	NOTE: https://github.com/python/cpython/pull/148396
@@ -32661,11 +32658,11 @@ CVE-2026-2970 (A vulnerability has been found in datapizza-labs datapizza-ai 0.0
 CVE-2026-2969 (A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected i ...)
 	NOT-FOR-US: datapizza-labs datapizza-ai
 CVE-2026-2968 (A vulnerability was detected in Cesanta Mongoose up to 7.20. This impa ...)
-	- mongoose <unfixed>
+	- mongoose <unfixed> (bug #1135115)
 CVE-2026-2967 (A security vulnerability has been detected in Cesanta Mongoose up to 7 ...)
-	- mongoose <unfixed>
+	- mongoose <unfixed> (bug #1135115)
 CVE-2026-2966 (A weakness has been identified in Cesanta Mongoose up to 7.20. The imp ...)
-	- mongoose <unfixed>
+	- mongoose <unfixed> (bug #1135115)
 CVE-2026-2965 (A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCR ...)
 	NOT-FOR-US: 07FLYCMS, 07FLY-CMS and 07FlyCRM
 CVE-2026-2964 (A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1 ...)
@@ -46082,7 +46079,7 @@ CVE-2025-12781 (When passing data to the b64decode(), standard_b64decode(), and
 	[bookworm] - python3.11 <ignored> (Not backported to older Python releases due to compat concerns)
 	- python3.9 <removed>
 	[bullseye] - python3.9 <ignored> (Minor issue, no fix, only additional warnings)
-	- pypy3 <unfixed>
+	- pypy3 <unfixed> (bug #1135117)
 	[trixie] - pypy3 <no-dsa> (Minor issue)
 	[bookworm] - pypy3 <no-dsa> (Minor issue)
 	[bullseye] - pypy3 <ignored> (Minor issue, no fix, only additional warnings)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03b9df0ad4661a1c346a46150c07ef2e2729c254

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03b9df0ad4661a1c346a46150c07ef2e2729c254
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260427/ed788d54/attachment.htm>