[Git][security-tracker-team/security-tracker][master] Update status for unstable for CVE-2026-0846/nltk

Sat Mar 21 16:00:00 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e82ca55 by Salvatore Bonaccorso at 2026-03-21T16:59:22+01:00
Update status for unstable for CVE-2026-0846/nltk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5927,8 +5927,12 @@ CVE-2026-24015 (A vulnerability in Apache IoTDB.  This issue affects Apache IoTD
 CVE-2026-21736 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2026-0846 (A vulnerability in the `filestring()` function of the `nltk.util` modu ...)
-	- nltk <unfixed>
+	- nltk 3.9.3-1
 	NOTE: https://huntr.com/bounties/007b84f8-418e-4300-99d0-bf504c2f97eb
+	NOTE: https://github.com/nltk/nltk/pull/3485
+	NOTE: Fixed by: https://github.com/nltk/nltk/commit/1fc626969f013bba104a40e5e760b9d67b2994ea (3.9.3)
+	NOTE: Fixed by: https://github.com/nltk/nltk/commit/5c46f3dac7e0eb10ee7d9f7be9fe732b0ec0af25 (3.9.3)
+	NOTE: Sandbox enforement is only opt-in to retain old behaviour (for backward compatibility).
 CVE-2025-70250 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
 	NOT-FOR-US: D-Link
 CVE-2025-70243 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e82ca557754338356b1ac39989d5dac54affb2a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e82ca557754338356b1ac39989d5dac54affb2a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260321/ddfff6f9/attachment.htm>
