[Git][security-tracker-team/security-tracker][master] Add details for some Python CVEs
Arnaud Rebillout (@arnaudr)
arnaudr at debian.org
Mon Mar 30 04:39:47 BST 2026
Arnaud Rebillout pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f85e6d37 by Arnaud Rebillout at 2026-03-30T10:38:17+07:00
Add details for some Python CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8705,6 +8705,7 @@ CVE-2025-13462 (The "tarfile" module would still apply normalization of AREGTYPE
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/
+ NOTE: https://github.com/python/cpython/issues/141707
NOTE: https://github.com/python/cpython/pull/143934
NOTE: https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab (main)
NOTE: https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017 (3.14 branch)
@@ -12216,6 +12217,8 @@ CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where malfor
NOTE: https://github.com/python/cpython/commit/76c0b01bc401c3e976011bbc69cec56dbebe0ad5 (v3.15.0a1)
NOTE: https://github.com/python/cpython/commit/381159b2beabbd6b3c0babe4d7ba7fbdeb23ce06 (v3.14.0b2)
NOTE: https://github.com/python/cpython/commit/aa0c3d1098e7fdcc74b753aadf18dd07ddbc76b0 (v3.13.4)
+ NOTE: Backported in older versions in commit titled 'Fix CDATA section parsing ...'
+ NOTE: Asking whether it really needs a backport: https://bugs.debian.org/1131896
CVE-2025-64166 (Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a ...)
NOT-FOR-US: Mercurius
CVE-2025-45691 (An Arbitrary File Read vulnerability exists in the ImageTextPromptValu ...)
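Review bot: The added backport NOTE identifies the commit only by a truncated title ('Fix CDATA section parsing ...') with no hash or branch, unlike the three commit NOTE lines directly above it, which carry full commit URLs and version tags. Listing the backport commit URLs with their target versions would let anyone triaging older releases confirm the fix without searching the upstream log by title. The second added line could also state which release or suite the backport question concerns, since at present that detail is only reachable through the linked bug.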
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f85e6d3700085be16fe9bc6e12eee3efa28ce097