[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-0865/python: regression merged upstream

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Mon Mar 23 15:55:51 GMT 2026



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83cb6191 by Sylvain Beucler at 2026-03-23T16:55:13+01:00
CVE-2026-0865/python: regression merged upstream

- - - - -
71d2813b by Sylvain Beucler at 2026-03-23T16:55:34+01:00
dla: awstats note

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -26005,15 +26005,20 @@ CVE-2026-0865 (User-controlled header names and values containing newlines can a
 	[bookworm] - jython <no-dsa> (Minor issue)
 	[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
 	NOTE: https://github.com/python/cpython/pull/143917
+	NOTE: Regression: https://github.com/python/cpython/pull/144118
 	NOTE: https://github.com/python/cpython/issues/143916
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/
 	NOTE: https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211 (main)
-	NOTE: https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510 (3.14-branch)
-	NOTE: https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58 (3.13-branch)
-	NOTE: https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5 (3.12-branch)
-	NOTE: https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995 (3.11-branch)
-	NOTE: https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2 (3.10-branch)
-	NOTE: Regression: https://github.com/python/cpython/pull/144118
+	NOTE: https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510 (v3.14.3)
+	NOTE: https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf (3.14-branch)
+	NOTE: https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58 (v3.13.12)
+	NOTE: https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff (3.13-branch)
+	NOTE: https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5 (v3.12.13)
+	NOTE: https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97 (v3.12.13)
+	NOTE: https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995 (v3.11.15)
+	NOTE: https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f (v3.11.15)
+	NOTE: https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2 (v3.10.20)
+	NOTE: https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219 (v3.10.20)
 	NOTE: wsgiref limited security support: https://github.com/python/cpython/issues/144484
 CVE-2026-0672 (When using http.cookies.Morsel, user-controlled cookie values and para ...)
 	{DLA-4455-1}
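Review bot: In the added commit NOTEs, the 3.12, 3.11 and 3.10 pairs carry the same tag on both lines (4802b96a and 8bb044d2 are both marked `(v3.12.13)`), so nothing tells a reader which commit of each pair is the original fix and which one belongs to the regression PR 144118. The 3.14 and 3.13 pairs at least separate a tagged release from `(3.14-branch)` / `(3.13-branch)`, which also means the regression follow-up for those two branches is recorded as not yet in a release while the older branches show it as released; if that is intended, it is worth making explicit. Suggest marking the second commit of each pair, for example `(v3.12.13, regression fix)`, or listing those commits directly under the `NOTE: Regression:` line. Moving that Regression line up also places it between pull/143917 and issues/143916, which separates the original PR from its issue; putting it after the issue line would keep the two together.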


=====================================
data/dla-needed.txt
=====================================
@@ -48,8 +48,9 @@ asterisk (slyon)
 --
 awstats (Chris Lamb)
   NOTE: 20260323: Added by Front-Desk (Beuc)
-  NOTE: 20260323: Currently unmaintained but fix is trivial: (Beuc/front-desk)
+  NOTE: 20260323: Currently unmaintained but fix is trivial:
   NOTE: 20260323: https://perldoc.perl.org/perlopentut#Opening-Text-Files-for-Reading
+  NOTE: 20260323: Unfixed in unstable to start there (Beuc/front-desk)
 --
 ca-certificates
   NOTE: 20250613: Added by Front-Desk (rouca)
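Review bot: The added line `NOTE: 20260323: Unfixed in unstable to start there (Beuc/front-desk)` reads ambiguously, since "to start there" can be taken as a reason or as an instruction. If the intent is that the fix should land in unstable first, wording such as `Unfixed in unstable, so start there` says so directly. With the attribution moved to this last line, the "fix is trivial:" line now depends on the following perldoc URL line to be complete, so the three notes should be kept together in any later edit.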



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4cfa39f41e6671b22a7e3101a2187164cc0a63fc...71d2813b477b3c6da88914f67c513aa4e700870a
