[Git][security-tracker-team/security-tracker][master] Add CVE-2025-13462/python

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 21 07:42:21 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af8ef986 by Salvatore Bonaccorso at 2026-03-21T08:41:57+01:00
Add CVE-2025-13462/python

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3452,7 +3452,16 @@ CVE-2025-61154 (Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.
 CVE-2025-13913 (A privileged Ignition user, intentionally or otherwise, imports an ext ...)
 	NOT-FOR-US: Inductive Automation Ignition Software
 CVE-2025-13462 (The "tarfile" module would still apply normalization of AREGTYPE (\x00 ...)
-	TODO: check
+	- python3.14 <unfixed>
+	- python3.13 <unfixed>
+	- python3.11 <removed>
+	- python3.9 <removed>
+	- python2.7 <removed>
+	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/
+	NOTE: https://github.com/python/cpython/pull/143934
+	NOTE: https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab (main)
+	NOTE: https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017 (3.14 branch)
+	NOTE: https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7 (3.13 branch)
 CVE-2019-25543 (Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerabi ...)
 	NOT-FOR-US: Netartmedia
 CVE-2019-25542 (Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerabil ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8ef98637a97bd322004c563f8042a553aff0d0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8ef98637a97bd322004c563f8042a553aff0d0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260321/35a8a076/attachment.htm>

More information about the debian-security-tracker-commits mailing list