[Git][security-tracker-team/security-tracker][master] pypdf fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Mar 19 09:03:17 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df878923 by Moritz Muehlenhoff at 2026-03-19T09:52:38+01:00
pypdf fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5427,7 +5427,7 @@ CVE-2026-29039 (changedetection.io is a free open source web page change detecti
CVE-2026-29038 (changedetection.io is a free open source web page change detection too ...)
NOT-FOR-US: changedetection.io
CVE-2026-28804 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
- - pypdf <unfixed> (bug #1130045)
+ - pypdf 6.9.0-1 (bug #1130045)
- pypdf2 <removed>
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-9m86-7pmv-2852
NOTE: https://github.com/py-pdf/pypdf/pull/3666
@@ -7898,7 +7898,7 @@ CVE-2026-28355 (Canarytokens help track activity and actions on a network. Versi
CVE-2026-28352 (Indico is an event management system that uses Flask-Multipass, a mult ...)
NOT-FOR-US: Indico
CVE-2026-28351 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
- - pypdf <unfixed> (bug #1130043)
+ - pypdf 6.9.0-1 (bug #1130043)
[trixie] - pypdf <no-dsa> (Minor issue)
[bookworm] - pypdf <no-dsa> (Minor issue)
- pypdf2 <removed>
@@ -8632,7 +8632,7 @@ CVE-2026-27899 (WireGuard Portal (or wg-portal) is a web-based configuration por
CVE-2026-27896 (The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC ...)
NOT-FOR-US: Go MCP SDK
CVE-2026-27888 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
- - pypdf <unfixed> (bug #1129096)
+ - pypdf 6.9.0-1 (bug #1129096)
- pypdf2 <removed>
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-x7hp-r3qg-r3cj
NOTE: https://github.com/py-pdf/pypdf/pull/3658
@@ -9212,7 +9212,7 @@ CVE-2026-27632 (Talishar is a fan-made Flesh and Blood project. Prior to commit
CVE-2026-27629 (InvenTree is an Open Source Inventory Management System. Prior to vers ...)
NOT-FOR-US: InvenTree
CVE-2026-27628 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
- - pypdf <unfixed> (bug #1130042)
+ - pypdf 6.9.0-1 (bug #1130042)
- pypdf2 <removed>
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35
NOTE: https://github.com/py-pdf/pypdf/issues/3654
@@ -10797,7 +10797,7 @@ CVE-2026-27112 (Kargo manages and automates the promotion of software artifacts.
CVE-2026-27111 (Kargo manages and automates the promotion of software artifacts. From ...)
NOT-FOR-US: Kargo
CVE-2026-27026 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
- - pypdf <unfixed> (bug #1128690)
+ - pypdf 6.9.0-1 (bug #1128690)
- pypdf2 <removed>
[bullseye] - pypdf2 <postponed> (minor issue; DoS)
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-9mvc-8737-8j8h
@@ -10805,14 +10805,14 @@ CVE-2026-27026 (pypdf is a free and open-source pure-python PDF library. Prior t
NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/7905842d833f899f1d3228af7e7467ad80277016 (6.7.1)
NOTE: Issue uncovered with the fix for CVE-2025-55197
CVE-2026-27025 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
- - pypdf <unfixed> (bug #1128656)
+ - pypdf 6.9.0-1 (bug #1128656)
- pypdf2 <removed>
[bullseye] - pypdf2 <postponed> (minor issue; DoS)
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3
NOTE: https://github.com/py-pdf/pypdf/pull/3646
NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2 (6.7.1)
CVE-2026-27024 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
- - pypdf <unfixed> (bug #1128654)
+ - pypdf 6.9.0-1 (bug #1128654)
- pypdf2 <removed>
[bullseye] - pypdf2 <postponed> (minor issue; DoS)
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-996q-pr4m-cvgq
@@ -20993,7 +20993,7 @@ CVE-2026-24793 (Out-of-bounds Write, Buffer Copy without Checking Size of Input
CVE-2026-24771 (Hono is a Web application framework that provides support for any Java ...)
NOT-FOR-US: Hono
CVE-2026-24688 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
- - pypdf <unfixed> (bug #1126575)
+ - pypdf 6.9.0-1 (bug #1126575)
[trixie] - pypdf <no-dsa> (Minor issue)
[bookworm] - pypdf <no-dsa> (Minor issue)
- pypdf2 <removed>
@@ -28099,7 +28099,7 @@ CVE-2026-22693 (HarfBuzz is a text shaping engine. Prior to version 12.3.0, a nu
NOTE: https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww
NOTE: Fixed by: https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae
CVE-2026-22691 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
- - pypdf <unfixed> (bug #1125187)
+ - pypdf 6.9.0-1 (bug #1125187)
[trixie] - pypdf <no-dsa> (Minor issue)
[bookworm] - pypdf <no-dsa> (Minor issue)
- pypdf2 <removed>
@@ -28109,7 +28109,7 @@ CVE-2026-22691 (pypdf is a free and open-source pure-python PDF library. Prior t
NOTE: https://github.com/py-pdf/pypdf/pull/3594
NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45 (6.6.0)
CVE-2026-22690 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
- - pypdf <unfixed> (bug #1125187)
+ - pypdf 6.9.0-1 (bug #1125187)
[trixie] - pypdf <no-dsa> (Minor issue)
[bookworm] - pypdf <no-dsa> (Minor issue)
- pypdf2 <removed>
@@ -57531,7 +57531,7 @@ CVE-2025-62713 (Kottster is a self hosted Node.js admin panel. From versions 3.2
CVE-2025-62710 (Sakai is a Collaboration and Learning Environment. Prior to versions 2 ...)
NOT-FOR-US: Sakai
CVE-2025-62708 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
- - pypdf <unfixed> (bug #1118756)
+ - pypdf 6.9.0-1 (bug #1118756)
[trixie] - pypdf <no-dsa> (Minor issue)
[bookworm] - pypdf <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j
@@ -57541,7 +57541,7 @@ CVE-2025-62708 (pypdf is a free and open-source pure-python PDF library. Prior t
NOTE: When fixing this issue make sure to adjust the limits according to the followup
NOTE: GHSA-m449-cwjh-6pw7 / CVE-2025-66019 to not open up CVE-2025-66019
CVE-2025-62707 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
- - pypdf <unfixed> (bug #1118755)
+ - pypdf 6.9.0-1 (bug #1118755)
[trixie] - pypdf <no-dsa> (Minor issue)
[bookworm] - pypdf <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265
@@ -84007,7 +84007,7 @@ CVE-2025-55199 (Helm is a package manager for Charts for Kubernetes. Prior to ve
CVE-2025-55198 (Helm is a package manager for Charts for Kubernetes. Prior to version ...)
- helm-kubernetes <itp> (bug #910799)
CVE-2025-55197 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
- - pypdf <unfixed> (bug #1111139)
+ - pypdf 6.9.0-1 (bug #1111139)
[trixie] - pypdf <no-dsa> (Minor issue)
[bookworm] - pypdf <no-dsa> (Minor issue)
- pypdf2 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df878923e1921160c70647e55e63a7826661e8b5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df878923e1921160c70647e55e63a7826661e8b5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260319/e9831d9c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list