[Git][security-tracker-team/security-tracker][master] Try to clarify CVE-2026-0672 and CVE-2026-3644 relation
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 23 17:05:18 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90a1507c by Salvatore Bonaccorso at 2026-03-23T18:04:11+01:00
Try to clarify CVE-2026-0672 and CVE-2026-3644 relation
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26042,7 +26042,7 @@ CVE-2026-0672 (When using http.cookies.Morsel, user-controlled cookie values and
NOTE: https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca (v3.13.12)
NOTE: https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85 (v3.11.15)
NOTE: https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d (v3.10.20)
- NOTE: Incomplete fix, cf. CVE-2026-0672
+ NOTE: The CVE requires a followup as/relates to CVE-2026-3644
CVE-2025-68133 (EVerest is an EV charging software stack. In versions 2025.9.0 and bel ...)
NOT-FOR-US: EVerest
CVE-2025-66902 (An input validation issue in in Pithikos websocket-server v.0.6.4 allo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90a1507c4f7a185786f8e52de488480a65a966c3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90a1507c4f7a185786f8e52de488480a65a966c3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260323/bb5d4009/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list