[Git][security-tracker-team/security-tracker][master] two issues fixed in python3.14 in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 6 15:26:20 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b62479e6 by Moritz Muehlenhoff at 2026-05-06T16:26:07+02:00
two issues fixed in python3.14 in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7187,7 +7187,7 @@ CVE-2026-6878 (A vulnerability was identified in ByteDance verl up to 0.7.0. Aff
CVE-2026-6874 (A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. Th ...)
NOT-FOR-US: ericc-ch copilot-api
CVE-2026-6019 (http.cookies.Morsel.js_output() returns an inline <script> snippet and ...)
- - python3.14 <unfixed>
+ - python3.14 3.14.5~rc1-1
- python3.13 <unfixed>
[trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
@@ -7201,7 +7201,7 @@ CVE-2026-6019 (http.cookies.Morsel.js_output() returns an inline <script> snippe
NOTE: https://github.com/python/cpython/issues/90309
NOTE: https://github.com/python/cpython/pull/148848
NOTE: Fixed by: https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104 (main branch)
- NOTE: Fixed by: https://github.com/python/cpython/commit/f795e042043dfe26c42e1971d4502c1cdc4c65b8 (3.14 branch)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/f795e042043dfe26c42e1971d4502c1cdc4c65b8 (v3.14.5rc1)
NOTE: Fixed by: https://github.com/python/cpython/commit/3c59b8b53fc75c7f9578d16fb8201ceb43e8f76c (3.13 branch)
CVE-2026-5935 (IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9 ...)
NOT-FOR-US: IBM
@@ -12736,7 +12736,7 @@ CVE-2026-6182 (A vulnerability was identified in code-projects Simple Content Ma
NOT-FOR-US: code-projects
CVE-2026-6100 (Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2 ...)
{DLA-4532-1}
- - python3.14 <unfixed>
+ - python3.14 3.14.5~rc1-1
- python3.13 <unfixed>
- python3.11 <removed>
- python3.9 <removed>
@@ -12747,7 +12747,7 @@ CVE-2026-6100 (Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`,
NOTE: https://github.com/python/cpython/issues/148395
NOTE: https://github.com/python/cpython/pull/148396
NOTE: Fixed by: https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2 (main)
- NOTE: Fixed by: https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d (3.14 branch)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d (v3.14.5rc1)
NOTE: Fixed by: https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20 (3.13 branch)
NOTE: Fixed by: https://github.com/python/cpython/commit/e20c6c9667c99ecaab96e1a2b3767082841ffc8b (3.11 branch)
CVE-2026-4810 (A Code Injection and Missing Authentication vulnerability in Google Ag ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62479e66be988abb78ff09080963953214ba765
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62479e66be988abb78ff09080963953214ba765
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260506/55c9586e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list