[Git][security-tracker-team/security-tracker][master] Add CVE-2025-71176/pytest
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 22 21:44:40 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce145e25 by Salvatore Bonaccorso at 2026-01-22T22:43:59+01:00
Add CVE-2025-71176/pytest
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -321,7 +321,10 @@ CVE-2026-0534 (A maliciously crafted HTML payload, stored in a part\u2019s attri
CVE-2026-0533 (A maliciously crafted HTML payload in a design name, when displayed du ...)
NOT-FOR-US: Autodesk
CVE-2025-71176 (pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytes ...)
- TODO: check
+ - pytest <unfixed> (unimportant)
+ NOTE: https://github.com/pytest-dev/pytest/issues/13669
+ NOTE: https://www.openwall.com/lists/oss-security/2026/01/21/5
+ NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
CVE-2025-70899 (PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Fo ...)
NOT-FOR-US: PHPGurukul
CVE-2025-69828 (File Upload vulnerability in TMS Global Software TMS Management Consol ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce145e251613879ba5060c35b57e9fcdb152fae3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce145e251613879ba5060c35b57e9fcdb152fae3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260122/ac589a34/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list