[Git][security-tracker-team/security-tracker][master] Track fixes for pypy3 via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 30 06:44:52 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd6476db by Salvatore Bonaccorso at 2026-04-30T07:44:25+02:00
Track fixes for pypy3 via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7968,7 +7968,7 @@ CVE-2026-4786 (Mitgation ofCVE-2026-4519 was incomplete. If the URL contained "%
 	[trixie] - jython <not-affected> (Incomplete fix not released)
 	[bookworm] - jython <not-affected> (Incomplete fix not released)
 	[bullseye] - jython <not-affected> (Incomplete fix not released)
-	- pypy3 <unfixed>
+	- pypy3 7.3.22+dfsg-1
 	[trixie] - pypy3 <not-affected> (Incomplete fix not released)
 	[bookworm] - pypy3 <not-affected> (Incomplete fix not released)
 	[bullseye] - pypy3 <not-affected> (Incomplete fix not released)
@@ -9256,7 +9256,7 @@ CVE-2026-1502 (CR/LF bytes were not rejected by HTTP client proxy tunnel headers
 	- python3.9 <removed>
 	- python2.7 <removed>
 	[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
-	- pypy3 <unfixed>
+	- pypy3 7.3.22+dfsg-1
 	[trixie] - pypy3 <no-dsa> (Minor issue)
 	[bookworm] - pypy3 <no-dsa> (Minor issue)
 	[bullseye] - pypy3 <postponed> (Minor issue)
@@ -21773,7 +21773,7 @@ CVE-2026-4519 (The webbrowser.open() API would accept leading dashes in the URL
 	[trixie] - jython <no-dsa> (Minor issue)
 	[bookworm] - jython <no-dsa> (Minor issue)
 	[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
-	- pypy3 <unfixed>
+	- pypy3 7.3.22+dfsg-1
 	[trixie] - pypy3 <no-dsa> (Minor issue)
 	[bookworm] - pypy3 <no-dsa> (Minor issue)
 	[bullseye] - pypy3 <postponed> (Minor issue)
@@ -29122,7 +29122,7 @@ CVE-2026-2297 (The import hook in CPython that handles legacy *.pyc files (Sourc
 	- python3.11 <removed>
 	[bookworm] - python3.11 <no-dsa> (Minor issue)
 	- python3.9 <removed>
-	- pypy3 <unfixed>
+	- pypy3 7.3.22+dfsg-1
 	[trixie] - pypy3 <no-dsa> (Minor issue)
 	[bookworm] - pypy3 <no-dsa> (Minor issue)
 	[bullseye] - pypy3 <postponed> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd6476db0be8ff6e2652881525438e5de3e1f689

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd6476db0be8ff6e2652881525438e5de3e1f689
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260430/b4960048/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list