{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_alt_python/debian12/advisories/2025/clsa-2025_1759247489.json" } ], "tracking": { "current_release_date": "2026-03-16T20:14:22Z", "generator": { "date": "2026-03-16T20:14:22Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1759247489", "initial_release_date": "2025-09-30T15:51:31Z", "revision_history": [ { "date": "2025-09-30T15:51:31Z", "number": "1", "summary": "Initial version" }, { "date": "2025-09-30T17:12:41Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-11-27T18:41:22Z", "number": "3", "summary": "Update document" }, { "date": "2026-03-16T20:14:22Z", "number": "4", "summary": "Update document" } ], "status": "final", "version": "4" }, "title": "Fix of 7 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian 12", "product": { "name": "Debian 12", "product_id": "Debian-12", "product_identification_helper": { "cpe": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Debian" } ], "category": "vendor", "name": "Software in the Public Interest, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "alt-python36-0:3.6.15-14.amd64", "product": { "name": "alt-python36-0:3.6.15-14.amd64", "product_id": "alt-python36-0:3.6.15-14.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python36@3.6.15-14?arch=amd64&os_name=debian&os_version=12" } } }, { "category": "product_version", "name": "alt-python36-tools-0:3.6.15-14.amd64", "product": { "name": "alt-python36-tools-0:3.6.15-14.amd64", "product_id": "alt-python36-tools-0:3.6.15-14.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python36-tools@3.6.15-14?arch=amd64&os_name=debian&os_version=12" } } }, { "category": "product_version", "name": "alt-python36-devel-0:3.6.15-14.amd64", "product": { "name": "alt-python36-devel-0:3.6.15-14.amd64", "product_id": "alt-python36-devel-0:3.6.15-14.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python36-devel@3.6.15-14?arch=amd64&os_name=debian&os_version=12" } } }, { "category": "product_version", "name": "alt-python36-tkinter-0:3.6.15-14.amd64", "product": { "name": "alt-python36-tkinter-0:3.6.15-14.amd64", "product_id": "alt-python36-tkinter-0:3.6.15-14.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python36-tkinter@3.6.15-14?arch=amd64&os_name=debian&os_version=12" } } }, { "category": "product_version", "name": "alt-python36-test-0:3.6.15-14.amd64", "product": { "name": "alt-python36-test-0:3.6.15-14.amd64", "product_id": "alt-python36-test-0:3.6.15-14.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python36-test@3.6.15-14?arch=amd64&os_name=debian&os_version=12" } } }, { "category": "product_version", "name": "alt-python36-libs-0:3.6.15-14.amd64", "product": { "name": "alt-python36-libs-0:3.6.15-14.amd64", "product_id": "alt-python36-libs-0:3.6.15-14.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python36-libs@3.6.15-14?arch=amd64&os_name=debian&os_version=12" } } }, { "category": "product_version", "name": "alt-python36-debug-0:3.6.15-14.amd64", "product": { "name": "alt-python36-debug-0:3.6.15-14.amd64", "product_id": "alt-python36-debug-0:3.6.15-14.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/alt-python36-debug@3.6.15-14?arch=amd64&os_name=debian&os_version=12" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "alt-python36-0:3.6.15-14.amd64 as a component of Debian 12", "product_id": "Debian-12:alt-python36-0:3.6.15-14.amd64" }, "product_reference": "alt-python36-0:3.6.15-14.amd64", "relates_to_product_reference": "Debian-12" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python36-tools-0:3.6.15-14.amd64 as a component of Debian 12", "product_id": "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" }, "product_reference": "alt-python36-tools-0:3.6.15-14.amd64", "relates_to_product_reference": "Debian-12" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python36-devel-0:3.6.15-14.amd64 as a component of Debian 12", "product_id": "Debian-12:alt-python36-devel-0:3.6.15-14.amd64" }, "product_reference": "alt-python36-devel-0:3.6.15-14.amd64", "relates_to_product_reference": "Debian-12" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python36-tkinter-0:3.6.15-14.amd64 as a component of Debian 12", "product_id": "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64" }, "product_reference": "alt-python36-tkinter-0:3.6.15-14.amd64", "relates_to_product_reference": "Debian-12" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python36-test-0:3.6.15-14.amd64 as a component of Debian 12", "product_id": "Debian-12:alt-python36-test-0:3.6.15-14.amd64" }, "product_reference": "alt-python36-test-0:3.6.15-14.amd64", "relates_to_product_reference": "Debian-12" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python36-libs-0:3.6.15-14.amd64 as a component of Debian 12", "product_id": "Debian-12:alt-python36-libs-0:3.6.15-14.amd64" }, "product_reference": "alt-python36-libs-0:3.6.15-14.amd64", "relates_to_product_reference": "Debian-12" }, { "category": "default_component_of", "full_product_name": { "name": "alt-python36-debug-0:3.6.15-14.amd64 as a component of Debian 12", "product_id": "Debian-12:alt-python36-debug-0:3.6.15-14.amd64" }, "product_reference": "alt-python36-debug-0:3.6.15-14.amd64", "relates_to_product_reference": "Debian-12" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-24329", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2023-24329" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/102153", "url": "https://github.com/python/cpython/issues/102153" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/99421", "url": "https://github.com/python/cpython/pull/99421" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/" }, { "category": "external", "summary": "https://pointernull.com/security/python-url-parse-problem.html", "url": "https://pointernull.com/security/python-url-parse-problem.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230324-0004/", "url": "https://security.netapp.com/advisory/ntap-20230324-0004/" }, { "category": "external", "summary": "https://www.kb.cert.org/vuls/id/127587", "url": "https://www.kb.cert.org/vuls/id/127587" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" } ], "release_date": "2023-02-17T15:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-30T15:51:31.110522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489", "product_ids": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2019-9674", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2019-9674" }, { "category": "external", "summary": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html" }, { "category": "external", "summary": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html" }, { "category": "external", "summary": "https://bugs.python.org/issue36260", "url": "https://bugs.python.org/issue36260" }, { "category": "external", "summary": "https://bugs.python.org/issue36462", "url": "https://bugs.python.org/issue36462" }, { "category": "external", "summary": "https://github.com/python/cpython/blob/master/Lib/zipfile.py", "url": "https://github.com/python/cpython/blob/master/Lib/zipfile.py" }, { "category": "external", "summary": "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", "url": "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20200221-0003/", "url": "https://security.netapp.com/advisory/ntap-20200221-0003/" }, { "category": "external", "summary": "https://usn.ubuntu.com/4428-1/", "url": "https://usn.ubuntu.com/4428-1/" }, { "category": "external", "summary": "https://www.python.org/news/security/", "url": "https://www.python.org/news/security/" } ], "release_date": "2020-02-04T15:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-30T15:51:31.110522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489", "product_ids": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-37454", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2022-37454" }, { "category": "external", "summary": "https://csrc.nist.gov/projects/hash-functions/sha-3-project", "url": "https://csrc.nist.gov/projects/hash-functions/sha-3-project" }, { "category": "external", "summary": "https://eprint.iacr.org/2023/331", "url": "https://eprint.iacr.org/2023/331" }, { "category": "external", "summary": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", "url": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/" }, { "category": "external", "summary": "https://mouha.be/sha-3-buffer-overflow/", "url": "https://mouha.be/sha-3-buffer-overflow/" }, { "category": "external", "summary": "https://news.ycombinator.com/item?id=33281106", "url": "https://news.ycombinator.com/item?id=33281106" }, { "category": "external", "summary": "https://news.ycombinator.com/item?id=35050307", "url": "https://news.ycombinator.com/item?id=35050307" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202305-02", "url": "https://security.gentoo.org/glsa/202305-02" }, { "category": "external", "summary": "https://www.debian.org/security/2022/dsa-5267", "url": "https://www.debian.org/security/2022/dsa-5267" }, { "category": "external", "summary": "https://www.debian.org/security/2022/dsa-5269", "url": "https://www.debian.org/security/2022/dsa-5269" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230203-0001/", "url": "https://security.netapp.com/advisory/ntap-20230203-0001/" } ], "release_date": "2022-10-21T06:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-30T15:51:31.110522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489", "product_ids": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2021-28861", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site ('Open Redirect')" }, "notes": [ { "category": "description", "text": "Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\"", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2021-28861" }, { "category": "external", "summary": "https://bugs.python.org/issue43223", "url": "https://bugs.python.org/issue43223" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/24848", "url": "https://github.com/python/cpython/pull/24848" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/93879", "url": "https://github.com/python/cpython/pull/93879" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202305-02", "url": "https://security.gentoo.org/glsa/202305-02" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" } ], "release_date": "2022-08-23T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-30T15:51:31.110522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489", "product_ids": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-6232", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "notes": [ { "category": "description", "text": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2024-6232" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4", "url": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06", "url": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4", "url": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d", "url": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877", "url": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf", "url": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373", "url": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/121285", "url": "https://github.com/python/cpython/issues/121285" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/121286", "url": "https://github.com/python/cpython/pull/121286" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/09/03/5", "url": "http://www.openwall.com/lists/oss-security/2024/09/03/5" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20241018-0007/", "url": "https://security.netapp.com/advisory/ntap-20241018-0007/" } ], "release_date": "2024-09-03T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-30T15:51:31.110522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489", "product_ids": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-7592", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2024-7592" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621", "url": "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef", "url": "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06", "url": "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a", "url": "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f", "url": "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774", "url": "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1", "url": "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/123067", "url": "https://github.com/python/cpython/issues/123067" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/123075", "url": "https://github.com/python/cpython/pull/123075" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20241018-0006/", "url": "https://security.netapp.com/advisory/ntap-20241018-0006/" } ], "release_date": "2024-08-19T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-30T15:51:31.110522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489", "product_ids": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-9287", "cwe": { "id": "CWE-428", "name": "Unquoted Search Path or Element" }, "notes": [ { "category": "description", "text": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie \"./venv/bin/python\") are not affected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2024-9287" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7", "url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db", "url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8", "url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97", "url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b", "url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b" }, { "category": "external", "summary": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483", "url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/124651", "url": "https://github.com/python/cpython/issues/124651" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/124712", "url": "https://github.com/python/cpython/pull/124712" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20250425-0006/", "url": "https://security.netapp.com/advisory/ntap-20250425-0006/" } ], "release_date": "2024-10-22T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-30T15:51:31.110522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489", "product_ids": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2019-17514", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "notes": [ { "category": "description", "text": "library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated \"finds all the pathnames matching a specified pattern according to the rules used by the Unix shell,\" one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2019-17514" }, { "category": "external", "summary": "https://bugs.python.org/issue33275", "url": "https://bugs.python.org/issue33275" }, { "category": "external", "summary": "https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L380", "url": "https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L380" }, { "category": "external", "summary": "https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L405", "url": "https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L405" }, { "category": "external", "summary": "https://pubs.acs.org/doi/full/10.1021/acs.orglett.9b03216", "url": "https://pubs.acs.org/doi/full/10.1021/acs.orglett.9b03216" }, { "category": "external", "summary": "https://pubs.acs.org/doi/suppl/10.1021/acs.orglett.9b03216/suppl_file/ol9b03216_si_002.zip", "url": "https://pubs.acs.org/doi/suppl/10.1021/acs.orglett.9b03216/suppl_file/ol9b03216_si_002.zip" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20191107-0005/", "url": "https://security.netapp.com/advisory/ntap-20191107-0005/" }, { "category": "external", "summary": "https://twitter.com/LucasCMoore/status/1181615421922824192", "url": "https://twitter.com/LucasCMoore/status/1181615421922824192" }, { "category": "external", "summary": "https://twitter.com/chris_bloke/status/1181997278136958976", "url": "https://twitter.com/chris_bloke/status/1181997278136958976" }, { "category": "external", "summary": "https://usn.ubuntu.com/4428-1/", "url": "https://usn.ubuntu.com/4428-1/" }, { "category": "external", "summary": "https://web.archive.org/web/20150822013622/https://docs.python.org/3/library/glob.html", "url": "https://web.archive.org/web/20150822013622/https://docs.python.org/3/library/glob.html" }, { "category": "external", "summary": "https://web.archive.org/web/20150906020027/https://docs.python.org/2.7/library/glob.html", "url": "https://web.archive.org/web/20150906020027/https://docs.python.org/2.7/library/glob.html" }, { "category": "external", "summary": "https://web.archive.org/web/20160309211341/https://docs.python.org/3/library/glob.html", "url": "https://web.archive.org/web/20160309211341/https://docs.python.org/3/library/glob.html" }, { "category": "external", "summary": "https://web.archive.org/web/20160526201356/https://docs.python.org/2.7/library/glob.html", "url": "https://web.archive.org/web/20160526201356/https://docs.python.org/2.7/library/glob.html" }, { "category": "external", "summary": "https://www.vice.com/en_us/article/zmjwda/a-code-glitch-may-have-caused-errors-in-more-than-100-published-studies", "url": "https://www.vice.com/en_us/article/zmjwda/a-code-glitch-may-have-caused-errors-in-more-than-100-published-studies" } ], "release_date": "2019-10-12T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-30T15:51:31.110522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489", "product_ids": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-45061", "cwe": { "id": "CWE-407", "name": "Inefficient Algorithmic Complexity" }, "notes": [ { "category": "description", "text": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2022-45061" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/98433", "url": "https://github.com/python/cpython/issues/98433" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202305-02", "url": "https://security.gentoo.org/glsa/202305-02" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20221209-0007/", "url": "https://security.netapp.com/advisory/ntap-20221209-0007/" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" } ], "release_date": "2022-11-09T07:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-30T15:51:31.110522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489", "product_ids": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ], "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1759247489" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Debian-12:alt-python36-0:3.6.15-14.amd64", "Debian-12:alt-python36-debug-0:3.6.15-14.amd64", "Debian-12:alt-python36-devel-0:3.6.15-14.amd64", "Debian-12:alt-python36-libs-0:3.6.15-14.amd64", "Debian-12:alt-python36-test-0:3.6.15-14.amd64", "Debian-12:alt-python36-tkinter-0:3.6.15-14.amd64", "Debian-12:alt-python36-tools-0:3.6.15-14.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }