Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8fe70486 by Thorsten Alteholz at 2025-06-05T19:54:34+02:00
mark CVEs of jython as EOL in Bullseye
- - - - -
759adeda by Thorsten Alteholz at 2025-06-05T19:56:59+02:00
mark CVEs of python2.7 as EOL in Bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -473,8 +473,10 @@ CVE-2025-4517 (Allows arbitrary filesystem writes outside
the extraction directo
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (EOLed in Bullseye)
- jython <unfixed>
[bookworm] - jython <no-dsa> (Minor issue)
+ [bullseye] - jython <end-of-life> (EOLed in Bullseye)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
@@ -488,8 +490,10 @@ CVE-2025-4435 (When using a TarFile.errorlevel = 0and
extracting with a filter t
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (EOLed in Bullseye)
- jython <unfixed>
[bookworm] - jython <no-dsa> (Minor issue)
+ [bullseye] - jython <end-of-life> (EOLed in Bullseye)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
@@ -507,8 +511,10 @@ CVE-2025-4330 (Allows the extraction filter to be ignored,
allowing symlink targ
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (EOLed in Bullseye)
- jython <unfixed>
[bookworm] - jython <no-dsa> (Minor issue)
+ [bullseye] - jython <end-of-life> (EOLed in Bullseye)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
@@ -524,8 +530,10 @@ CVE-2025-4138 (Allows the extraction filter to be ignored,
allowing symlink targ
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (EOLed in Bullseye)
- jython <unfixed>
[bookworm] - jython <no-dsa> (Minor issue)
+ [bullseye] - jython <end-of-life> (EOLed in Bullseye)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
@@ -621,8 +629,10 @@ CVE-2024-12718 (Allows modifying some file metadata (e.g.
last modified) with fi
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (EOLed in Bullseye)
- jython <unfixed>
[bookworm] - jython <no-dsa> (Minor issue)
+ [bullseye] - jython <end-of-life> (EOLed in Bullseye)
NOTE: https://github.com/python/cpython/issues/135034
NOTE: https://github.com/python/cpython/pull/135037
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e3ca26c09aee8d0f147ca35d4fee13b145a92232...759adedac425db9b96605add5d17391e6b90ff12
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e3ca26c09aee8d0f147ca35d4fee13b145a92232...759adedac425db9b96605add5d17391e6b90ff12
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
