{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "3.7.17-r2:\n - CVE-2025-13837", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661", "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_alt_python/alpinelinux3.22/advisories/2026/clsa-2026_1771329661.json" } ], "tracking": { "current_release_date": "2026-02-17T12:03:07Z", "generator": { "date": "2026-02-17T12:03:07Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1771329661", "initial_release_date": "2026-02-17T12:03:07Z", "revision_history": [ { "date": "2026-02-17T12:03:07Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "alt-python37: Fix of CVE-2025-13837" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Alpine Linux 3.22", "product": { "name": "Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22", "product_identification_helper": { "cpe": "cpe:2.3:o:alpinelinux:alpine_linux:3.22:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Alpine Linux" } ], "category": "vendor", "name": "Alpine Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "alt-python37-pyc-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-pyc-3.7.17-rr2.x86_64", "product_id": "alt-python37-pyc-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-pyc@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-debug-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-debug-3.7.17-rr2.x86_64", "product_id": "alt-python37-debug-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-debug@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-gdbm-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-gdbm-3.7.17-rr2.x86_64", "product_id": "alt-python37-gdbm-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-gdbm@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "product_id": "alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-pycache-pyc0@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-tests-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-tests-3.7.17-rr2.x86_64", "product_id": "alt-python37-tests-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-tests@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "product_id": "alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-pycache-pyc1@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-doc-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-doc-3.7.17-rr2.x86_64", "product_id": "alt-python37-doc-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-doc@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-3.7.17-rr2.x86_64", "product_id": "alt-python37-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-dev-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-dev-3.7.17-rr2.x86_64", "product_id": "alt-python37-dev-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-dev@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "product_id": "alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-pycache-pyc2@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-idle-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-idle-3.7.17-rr2.x86_64", "product_id": "alt-python37-idle-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-idle@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-tkinter-3.7.17-rr2.x86_64", "product": { "name": "alt-python37-tkinter-3.7.17-rr2.x86_64", "product_id": "alt-python37-tkinter-3.7.17-rr2.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-tkinter@3.7.17-rr2?arch=x86_64&os_name=alpine&os_version=3.22" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "alt-python37-pyc-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-pyc-3.7.17-rr2.aarch64", "product_id": "alt-python37-pyc-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-pyc@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-debug-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-debug-3.7.17-rr2.aarch64", "product_id": "alt-python37-debug-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-debug@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-gdbm-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-gdbm-3.7.17-rr2.aarch64", "product_id": "alt-python37-gdbm-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-gdbm@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "product_id": "alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-pycache-pyc0@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-tests-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-tests-3.7.17-rr2.aarch64", "product_id": "alt-python37-tests-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-tests@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "product_id": "alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-pycache-pyc1@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-doc-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-doc-3.7.17-rr2.aarch64", "product_id": "alt-python37-doc-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-doc@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-3.7.17-rr2.aarch64", "product_id": "alt-python37-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-dev-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-dev-3.7.17-rr2.aarch64", "product_id": "alt-python37-dev-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-dev@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "product_id": "alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-pycache-pyc2@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-idle-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-idle-3.7.17-rr2.aarch64", "product_id": "alt-python37-idle-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-idle@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } }, { "category": "product_version", "name": "alt-python37-tkinter-3.7.17-rr2.aarch64", "product": { "name": "alt-python37-tkinter-3.7.17-rr2.aarch64", "product_id": "alt-python37-tkinter-3.7.17-rr2.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/alt-python37-tkinter@3.7.17-rr2?arch=aarch64&os_name=alpine&os_version=3.22" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "alt-python37-pyc-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-pyc-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-pyc-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-pyc-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-debug-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-debug-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-debug-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-debug-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-gdbm-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-gdbm-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-gdbm-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-gdbm-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-pycache-pyc0-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-pycache-pyc0-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-tests-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-tests-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-tests-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-tests-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-pycache-pyc1-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-pycache-pyc1-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-doc-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-doc-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-doc-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-doc-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-dev-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-dev-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-dev-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-dev-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-pycache-pyc2-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-pycache-pyc2-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-idle-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-idle-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-idle-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-idle-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-tkinter-3.7.17-rr2.aarch64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64" }, "product_reference": "alt-python37-tkinter-3.7.17-rr2.aarch64", "relates_to_product_reference": "Alpine-Linux-3.22" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python37-tkinter-3.7.17-rr2.x86_64 as a component of Alpine Linux 3.22", "product_id": "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" }, "product_reference": "alt-python37-tkinter-3.7.17-rr2.x86_64", "relates_to_product_reference": "Alpine-Linux-3.22" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-6597", "cwe": { "id": "CWE-61", "name": "UNIX Symbolic Link (Symlink) Following" }, "notes": [ { "category": "description", "text": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2023-6597" } ], "release_date": "2024-03-19T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-17T12:01:03.612092Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661", "product_ids": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-27043", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2023-27043" }, { "category": "external", "summary": "http://python.org", "url": "http://python.org/" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/102988", "url": "https://github.com/python/cpython/issues/102988" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/" }, { "category": "external", "summary": "https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html", "url": "https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230601-0003/", "url": "https://security.netapp.com/advisory/ntap-20230601-0003/" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2025/Apr/8", "url": "http://seclists.org/fulldisclosure/2025/Apr/8" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/" } ], "release_date": "2023-04-19T00:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-17T12:01:03.612092Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661", "product_ids": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-6232", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "notes": [ { "category": "description", "text": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2024-6232" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4", "url": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06", "url": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4", "url": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d", "url": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877", "url": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf", "url": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373", "url": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/121285", "url": "https://github.com/python/cpython/issues/121285" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/121286", "url": "https://github.com/python/cpython/pull/121286" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/09/03/5", "url": "http://www.openwall.com/lists/oss-security/2024/09/03/5" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20241018-0007/", "url": "https://security.netapp.com/advisory/ntap-20241018-0007/" } ], "release_date": "2024-09-03T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-17T12:01:03.612092Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661", "product_ids": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-12084", "cwe": { "id": "CWE-407", "name": "Inefficient Algorithmic Complexity" }, "notes": [ { "category": "description", "text": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2025-12084" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0", "url": "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4", "url": "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437", "url": "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af", "url": "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273", "url": "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907", "url": "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d", "url": "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8", "url": "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8", "url": "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0", "url": "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964", "url": "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53", "url": "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/142145", "url": "https://github.com/python/cpython/issues/142145" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/142146", "url": "https://github.com/python/cpython/pull/142146" } ], "release_date": "2025-12-03T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-17T12:01:03.612092Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661", "product_ids": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2007-4559", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" }, "notes": [ { "category": "description", "text": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2007-4559" }, { "category": "external", "summary": "http://mail.python.org/pipermail/python-dev/2007-August/074290.html", "url": "http://mail.python.org/pipermail/python-dev/2007-August/074290.html" }, { "category": "external", "summary": "http://mail.python.org/pipermail/python-dev/2007-August/074292.html", "url": "http://mail.python.org/pipermail/python-dev/2007-August/074292.html" }, { "category": "external", "summary": "http://secunia.com/advisories/26623", "url": "http://secunia.com/advisories/26623" }, { "category": "external", "summary": "http://www.vupen.com/english/advisories/2007/3022", "url": "http://www.vupen.com/english/advisories/2007/3022" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=263261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=263261" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202309-06", "url": "https://security.gentoo.org/glsa/202309-06" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/" } ], "release_date": "2007-08-28T01:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-17T12:01:03.612092Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661", "product_ids": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-13837", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2025-13837" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b", "url": "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70", "url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba", "url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb", "url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/119342", "url": "https://github.com/python/cpython/issues/119342" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/119343", "url": "https://github.com/python/cpython/pull/119343" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/" } ], "release_date": "2025-12-01T18:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-17T12:01:03.612092Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661", "product_ids": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-7592", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2024-7592" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621", "url": "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef", "url": "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06", "url": "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a", "url": "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f", "url": "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774", "url": "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1", "url": "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/123067", "url": "https://github.com/python/cpython/issues/123067" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/123075", "url": "https://github.com/python/cpython/pull/123075" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20241018-0006/", "url": "https://security.netapp.com/advisory/ntap-20241018-0006/" } ], "release_date": "2024-08-19T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-17T12:01:03.612092Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661", "product_ids": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-9287", "cwe": { "id": "CWE-428", "name": "Unquoted Search Path or Element" }, "notes": [ { "category": "description", "text": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie \"./venv/bin/python\") are not affected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2024-9287" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7", "url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db", "url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8", "url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97", "url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b", "url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483", "url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/124651", "url": "https://github.com/python/cpython/issues/124651" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/124712", "url": "https://github.com/python/cpython/pull/124712" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20250425-0006/", "url": "https://security.netapp.com/advisory/ntap-20250425-0006/" } ], "release_date": "2024-10-22T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-17T12:01:03.612092Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661", "product_ids": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-40217", "notes": [ { "category": "description", "text": "An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2023-40217" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/", "url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20231006-0014/", "url": "https://security.netapp.com/advisory/ntap-20231006-0014/" }, { "category": "external", "summary": "https://www.python.org/dev/security/", "url": "https://www.python.org/dev/security/" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" } ], "release_date": "2023-08-25T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-17T12:01:03.612092Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661", "product_ids": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2026:1771329661" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-debug-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-dev-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-doc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-gdbm-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-idle-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pyc-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc0-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc1-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-pycache-pyc2-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tests-3.7.17-rr2.x86_64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.aarch64", "Alpine-Linux-3.22:alt-python37-tkinter-3.7.17-rr2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }