[Git][security-tracker-team/security-tracker][master] Add CVE-2025-12781/python

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 22 22:12:40 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b2cbc08 by Salvatore Bonaccorso at 2026-01-22T23:12:13+01:00
Add CVE-2025-12781/python

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1007,7 +1007,16 @@ CVE-2025-13465 (Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototyp
 	- node-lodash <unfixed>
 	NOTE: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
 CVE-2025-12781 (When passing data to the b64decode(), standard_b64decode(), and urlsaf ...)
-	TODO: check
+	- python3.14 <unfixed>
+	- python3.13 <unfixed>
+	- python3.11 <removed>
+	- python3.9 <removed>
+	- pypy3 <unfixed>
+	NOTE: https://github.com/python/cpython/issues/125346
+	NOTE: https://github.com/python/cpython/pull/141128
+	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/
+	NOTE: Fix is only to deprecate accepting "+" and "/" with alternative alphabet.
+	NOTE: https://github.com/python/cpython/commit/9060b4abbe475591b6230b23c2afefeff26fcca5 (main)
 CVE-2021-47887 (OKI Print Job Accounting 4.4.10 contains an unquoted service path vuln ...)
 	NOT-FOR-US: OKI Print Job Accounting
 CVE-2021-47886 (Pingzapper 2.3.1 contains an unquoted service path vulnerability in th ...)
@@ -1071,7 +1080,8 @@ CVE-2021-47855 (Openlitespeed 1.7.9 contains a stored cross-site scripting vulne
 CVE-2021-47854 (DD-WRT version 45723 contains a buffer overflow vulnerability in the U ...)
 	NOT-FOR-US: DD-WRT
 CVE-2021-47853 (phpPgAdmin 7.13.0 contains a remote command execution vulnerability th ...)
-	TODO: check
+	- phppgadmin <undetermined>
+	NOTE: https://www.exploit-db.com/exploits/49736
 CVE-2021-47852 (Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vul ...)
 	NOT-FOR-US: Rockstar Games Launcher
 CVE-2021-47851 (Mini Mouse 9.2.0 contains a remote code execution vulnerability that a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b2cbc08634ca237ae8651dd27d2bfd2cc331774

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b2cbc08634ca237ae8651dd27d2bfd2cc331774
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260122/c539caa7/attachment.htm>

More information about the debian-security-tracker-commits mailing list