[Git][security-tracker-team/security-tracker][master] Add CVE-2026-7210/python
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 14 08:08:37 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
949cf035 by Salvatore Bonaccorso at 2026-05-14T09:07:50+02:00
Add CVE-2026-7210/python
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1782,7 +1782,20 @@ CVE-2026-7790 (Uncontrolled Resource Consumption vulnerability in ninenines cowl
CVE-2026-7308 (An authenticated user with upload permission to a hosted repository ca ...)
NOT-FOR-US: Sonatype
CVE-2026-7210 (`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entro ...)
- TODO: check
+ - python3.14 <unfixed>
+ - python3.13 <unfixed>
+ - python3.11 <removed>
+ - python3.9 <removed>
+ - python2.7 <removed>
+ - pypy3 <unfixed>
+ NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/PNY5OMBDPM2FRUZTWFFPJ6LISWKV627K/
+ NOTE: https://github.com/python/cpython/issues/149018
+ NOTE: https://github.com/python/cpython/pull/149023
+ NOTE: https://github.com/python/cpython/commit/24b8f12544468e4cedf5bfbe25442fcd495391e4 (main)
+ NOTE: https://github.com/python/cpython/pull/149645 (3.15)
+ NOTE: https://github.com/python/cpython/pull/149646 (3.14)
+ NOTE: Fully mitigating this vulnerability requires both updating libexpat to
+ NOTE: 2.8.0 or later and applying the python patch for CVE-2026-7210.
CVE-2026-6956 (ATutor is vulnerable to Reflected XSS in/install/install.php endpoint. ...)
NOT-FOR-US: ATutor
CVE-2026-6909 (ATutor is vulnerable to Reflected XSS in/install/upgrade.php endpoint. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/949cf035928e9462665710b6a30a17e9d44360dc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/949cf035928e9462665710b6a30a17e9d44360dc
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260514/aa8cdb4d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list