[Git][security-tracker-team/security-tracker][master] Track fixes for python3.14 issues via unstable

Fri Mar 27 18:15:59 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ccf8151 by Salvatore Bonaccorso at 2026-03-27T19:15:27+01:00
Track fixes for python3.14 issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6220,7 +6220,7 @@ CVE-2026-4228 (A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This aff
 CVE-2026-4227 (A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. ...)
 	NOT-FOR-US: LB-LINK BL-WR9000
 CVE-2026-4224 (When an Expat parser with a registered ElementDeclHandler parses an in ...)
-	- python3.14 <unfixed>
+	- python3.14 3.14.3-4
 	- python3.13 <unfixed>
 	- python3.11 <removed>
 	- python3.9 <removed>
@@ -6237,7 +6237,7 @@ CVE-2026-4224 (When an Expat parser with a registered ElementDeclHandler parses
 	NOTE: Fixed by: https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3 (3.14)
 	NOTE: Fixed by: https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a (3.13)
 CVE-2026-3644 (The fix for CVE-2026-0672, which rejected control characters in http.c ...)
-	- python3.14 <unfixed>
+	- python3.14 3.14.3-4
 	- python3.13 <unfixed>
 	- python3.11 <removed>
 	- python3.9 <removed>
@@ -7663,7 +7663,7 @@ CVE-2025-61154 (Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.
 CVE-2025-13913 (A privileged Ignition user, intentionally or otherwise, imports an ext ...)
 	NOT-FOR-US: Inductive Automation Ignition Software
 CVE-2025-13462 (The "tarfile" module would still apply normalization of AREGTYPE (\x00 ...)
-	- python3.14 <unfixed>
+	- python3.14 3.14.3-4
 	- python3.13 <unfixed>
 	- python3.11 <removed>
 	- python3.9 <removed>
@@ -11222,7 +11222,7 @@ CVE-2026-2418 (The Login with Salesforce WordPress plugin through 1.0.2 does not
 CVE-2026-2365 (The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2297 (The import hook in CPython that handles legacy *.pyc files (Sourceless ...)
-	- python3.14 <unfixed>
+	- python3.14 3.14.3-4
 	- python3.13 <unfixed>
 	- python3.11 <removed>
 	- python3.9 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ccf8151d6c252e43ca78ff8551d46449dee5fa9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ccf8151d6c252e43ca78ff8551d46449dee5fa9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260327/0e406353/attachment.htm>
