[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-12084/python3.*: reference regression fix

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Mon Jan 26 09:39:17 GMT 2026 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6cedfb5c by Sylvain Beucler at 2026-01-26T10:39:02+01:00
CVE-2025-12084/python3.*: reference regression fix

- - - - -
bab626b6 by Sylvain Beucler at 2026-01-26T10:39:05+01:00
CVE-2025-12781/python3.9: bullseye ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2033,6 +2033,7 @@ CVE-2025-12781 (When passing data to the b64decode(), standard_b64decode(), and
 	- python3.13 <unfixed>
 	- python3.11 <removed>
 	- python3.9 <removed>
+	[bullseye] - python3.9 <ignored> (Minor issue, no fix, only additional warnings)
 	- pypy3 <unfixed>
 	[trixie] - pypy3 <no-dsa> (Minor issue)
 	[bookworm] - pypy3 <no-dsa> (Minor issue)
@@ -24441,6 +24442,8 @@ CVE-2025-12084 (When building nested elements using xml.dom.minidom methods such
 	NOTE: Fixed by: https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4 (main)
 	NOTE: Fixed by: https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0 (v3.14.2)
 	NOTE: Fixed by: https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964 (v3.13.11)
+	NOTE: Regression: https://github.com/python/cpython/issues/142754
+	NOTE: Regression: https://github.com/python/cpython/commit/1cc7551b3f9f71efbc88d96dce90f82de98b2454 (v3.15.0a3)
 CVE-2024-3884 (A flaw was found in Undertow that can cause remote denial of service a ...)
 	- undertow <unfixed> (bug #1123001)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2275287



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f4d94dcd07e833f217a0ab071bc36f626f562d68...bab626b6b24b8e63cc002a747c786152e24a9d67

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f4d94dcd07e833f217a0ab071bc36f626f562d68...bab626b6b24b8e63cc002a747c786152e24a9d67
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260126/9581bf5a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list