{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "* SECURITY UPDATE: ReDoS in tarfile module when parsing specially\n     crafted tar archive headers\n     - debian/patches/CVE-2024-6232.patch: Remove backtracking from\n       tarfile header parsing\n   * SECURITY UPDATE: DoS due to quadratic time complexity in http.cookies\n     module when parsing quoted cookie values with backslashes\n     - debian/patches/CVE-2024-7592.patch: Replace iterative regex search\n       with single-pass substitution to eliminate quadratic complexity\n   * SECURITY UPDATE: Command injection vulnerability in venv module activation\n     scripts when virtual environment paths contain special shell characters\n     - debian/patches/CVE-2024-9287.patch: Properly quote template\n       strings in venv activation scripts",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_alt_python/debian13/advisories/2025/clsa-2025_1764872306.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1764872306",
        "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1764872306"
      }
    ],
    "tracking": {
      "current_release_date": "2025-12-04T18:19:22Z",
      "generator": {
        "date": "2025-12-04T18:19:22Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1764872306",
      "initial_release_date": "2025-12-04T18:19:22Z",
      "revision_history": [
        {
          "date": "2025-12-04T18:19:22Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "Fix CVE(s): CVE-2024-6232, CVE-2024-7592, CVE-2024-9287"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Debian 13",
                "product": {
                  "name": "Debian 13",
                  "product_id": "Debian-13",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:debian:debian_linux:13:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Debian"
          }
        ],
        "category": "vendor",
        "name": "Software in the Public Interest, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "alt-python37-0:3.7.17-5.amd64",
                "product": {
                  "name": "alt-python37-0:3.7.17-5.amd64",
                  "product_id": "alt-python37-0:3.7.17-5.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/alt-python37@3.7.17-5?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "alt-python37-devel-0:3.7.17-5.amd64",
                "product": {
                  "name": "alt-python37-devel-0:3.7.17-5.amd64",
                  "product_id": "alt-python37-devel-0:3.7.17-5.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/alt-python37-devel@3.7.17-5?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "alt-python37-debug-0:3.7.17-5.amd64",
                "product": {
                  "name": "alt-python37-debug-0:3.7.17-5.amd64",
                  "product_id": "alt-python37-debug-0:3.7.17-5.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/alt-python37-debug@3.7.17-5?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "alt-python37-test-0:3.7.17-5.amd64",
                "product": {
                  "name": "alt-python37-test-0:3.7.17-5.amd64",
                  "product_id": "alt-python37-test-0:3.7.17-5.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/alt-python37-test@3.7.17-5?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "alt-python37-tkinter-0:3.7.17-5.amd64",
                "product": {
                  "name": "alt-python37-tkinter-0:3.7.17-5.amd64",
                  "product_id": "alt-python37-tkinter-0:3.7.17-5.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/alt-python37-tkinter@3.7.17-5?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "alt-python37-tools-0:3.7.17-5.amd64",
                "product": {
                  "name": "alt-python37-tools-0:3.7.17-5.amd64",
                  "product_id": "alt-python37-tools-0:3.7.17-5.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/alt-python37-tools@3.7.17-5?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "alt-python37-libs-0:3.7.17-5.amd64",
                "product": {
                  "name": "alt-python37-libs-0:3.7.17-5.amd64",
                  "product_id": "alt-python37-libs-0:3.7.17-5.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/alt-python37-libs@3.7.17-5?arch=amd64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "alt-python37-0:3.7.17-5.amd64 as a component of Debian 13",
          "product_id": "Debian-13:alt-python37-0:3.7.17-5.amd64"
        },
        "product_reference": "alt-python37-0:3.7.17-5.amd64",
        "relates_to_product_reference": "Debian-13"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "alt-python37-devel-0:3.7.17-5.amd64 as a component of Debian 13",
          "product_id": "Debian-13:alt-python37-devel-0:3.7.17-5.amd64"
        },
        "product_reference": "alt-python37-devel-0:3.7.17-5.amd64",
        "relates_to_product_reference": "Debian-13"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "alt-python37-debug-0:3.7.17-5.amd64 as a component of Debian 13",
          "product_id": "Debian-13:alt-python37-debug-0:3.7.17-5.amd64"
        },
        "product_reference": "alt-python37-debug-0:3.7.17-5.amd64",
        "relates_to_product_reference": "Debian-13"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "alt-python37-test-0:3.7.17-5.amd64 as a component of Debian 13",
          "product_id": "Debian-13:alt-python37-test-0:3.7.17-5.amd64"
        },
        "product_reference": "alt-python37-test-0:3.7.17-5.amd64",
        "relates_to_product_reference": "Debian-13"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "alt-python37-tkinter-0:3.7.17-5.amd64 as a component of Debian 13",
          "product_id": "Debian-13:alt-python37-tkinter-0:3.7.17-5.amd64"
        },
        "product_reference": "alt-python37-tkinter-0:3.7.17-5.amd64",
        "relates_to_product_reference": "Debian-13"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "alt-python37-tools-0:3.7.17-5.amd64 as a component of Debian 13",
          "product_id": "Debian-13:alt-python37-tools-0:3.7.17-5.amd64"
        },
        "product_reference": "alt-python37-tools-0:3.7.17-5.amd64",
        "relates_to_product_reference": "Debian-13"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "alt-python37-libs-0:3.7.17-5.amd64 as a component of Debian 13",
          "product_id": "Debian-13:alt-python37-libs-0:3.7.17-5.amd64"
        },
        "product_reference": "alt-python37-libs-0:3.7.17-5.amd64",
        "relates_to_product_reference": "Debian-13"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-9287",
      "cwe": {
        "id": "CWE-428",
        "name": "Unquoted Search Path or Element"
      },
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (i.e. \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (i.e. \"./venv/bin/python\") are not affected.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Debian-13:alt-python37-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-debug-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-devel-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-libs-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-test-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-tkinter-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-tools-0:3.7.17-5.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2024-9287"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7",
          "url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db",
          "url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8",
          "url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97",
          "url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b",
          "url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483",
          "url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/124651",
          "url": "https://github.com/python/cpython/issues/124651"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/124712",
          "url": "https://github.com/python/cpython/pull/124712"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20250425-0006/",
          "url": "https://security.netapp.com/advisory/ntap-20250425-0006/"
        }
      ],
      "release_date": "2024-10-22T17:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-04T18:18:28.600975Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1764872306",
          "product_ids": [
            "Debian-13:alt-python37-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-debug-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-devel-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-libs-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-test-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tkinter-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tools-0:3.7.17-5.amd64"
          ],
          "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1764872306"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Debian-13:alt-python37-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-debug-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-devel-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-libs-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-test-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tkinter-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tools-0:3.7.17-5.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2024-7592",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "description",
          "text": "There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module.\n\nWhen parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Debian-13:alt-python37-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-debug-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-devel-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-libs-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-test-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-tkinter-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-tools-0:3.7.17-5.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2024-7592"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621",
          "url": "https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef",
          "url": "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06",
          "url": "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a",
          "url": "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f",
          "url": "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774",
          "url": "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1",
          "url": "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/123067",
          "url": "https://github.com/python/cpython/issues/123067"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/123075",
          "url": "https://github.com/python/cpython/pull/123075"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20241018-0006/",
          "url": "https://security.netapp.com/advisory/ntap-20241018-0006/"
        }
      ],
      "release_date": "2024-08-19T19:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-04T18:18:28.600975Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1764872306",
          "product_ids": [
            "Debian-13:alt-python37-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-debug-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-devel-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-libs-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-test-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tkinter-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tools-0:3.7.17-5.amd64"
          ],
          "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1764872306"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Debian-13:alt-python37-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-debug-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-devel-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-libs-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-test-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tkinter-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tools-0:3.7.17-5.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2024-6232",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "description",
          "text": "There is a MEDIUM severity vulnerability affecting CPython.\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Debian-13:alt-python37-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-debug-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-devel-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-libs-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-test-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-tkinter-0:3.7.17-5.amd64",
          "Debian-13:alt-python37-tools-0:3.7.17-5.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els-alt-python/cve/CVE-2024-6232"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4",
          "url": "https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06",
          "url": "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4",
          "url": "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d",
          "url": "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877",
          "url": "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf",
          "url": "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373",
          "url": "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/121285",
          "url": "https://github.com/python/cpython/issues/121285"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/121286",
          "url": "https://github.com/python/cpython/pull/121286"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2024/09/03/5",
          "url": "http://www.openwall.com/lists/oss-security/2024/09/03/5"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20241018-0007/",
          "url": "https://security.netapp.com/advisory/ntap-20241018-0007/"
        }
      ],
      "release_date": "2024-09-03T13:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-04T18:18:28.600975Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1764872306",
          "product_ids": [
            "Debian-13:alt-python37-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-debug-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-devel-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-libs-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-test-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tkinter-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tools-0:3.7.17-5.amd64"
          ],
          "url": "https://cve.tuxcare.com/els-alt-python/releases/CLSA-2025:1764872306"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Debian-13:alt-python37-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-debug-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-devel-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-libs-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-test-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tkinter-0:3.7.17-5.amd64",
            "Debian-13:alt-python37-tools-0:3.7.17-5.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    }
  ]
}