[Git][security-tracker-team/security-tracker][master] Convert a note to TODO item with the aim to drop it again once clarified

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 30 15:55:05 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7c4ae37 by Salvatore Bonaccorso at 2026-03-30T16:54:12+02:00
Convert a note to TODO item with the aim to drop it again once clarified

If it should not be backported because it is too risky this can be
reflected as ignored tagged entry with an explanation attached.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12289,8 +12289,7 @@ CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where malfor
 	NOTE: https://github.com/python/cpython/commit/76c0b01bc401c3e976011bbc69cec56dbebe0ad5 (v3.15.0a1)
 	NOTE: https://github.com/python/cpython/commit/381159b2beabbd6b3c0babe4d7ba7fbdeb23ce06 (v3.14.0b2)
 	NOTE: https://github.com/python/cpython/commit/aa0c3d1098e7fdcc74b753aadf18dd07ddbc76b0 (v3.13.4)
-	NOTE: Backported in older versions in commit titled 'Fix CDATA section parsing ...'
-	NOTE: Asking whether it really needs a backport: https://bugs.debian.org/1131896
+	TODO: Asking whether it really needs a backport: https://bugs.debian.org/1131896
 CVE-2025-64166 (Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a ...)
 	NOT-FOR-US: Mercurius
 CVE-2025-45691 (An Arbitrary File Read vulnerability exists in the ImageTextPromptValu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7c4ae378bb6b5e27b8607191601d5179923635f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7c4ae378bb6b5e27b8607191601d5179923635f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260330/d7e4383f/attachment.htm>

More information about the debian-security-tracker-commits mailing list