| Release | Version |
|---|---|
| bullseye | 2.7.2+repack1-3 |
| bookworm | 2.7.3+repack1-1 |
| trixie | 2.7.3+repack1-1 |
| sid | 2.7.3+repack1-1 |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2025-6069 | vulnerable | vulnerable (no DSA) | vulnerable | vulnerable | The html.parser.HTMLParser class had worse-case quadratic complexity w ... |
| CVE-2019-16935 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | The documentation XML-RPC server in Python through 2.7.16, 3.x through ... |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2017-17522 | vulnerable | vulnerable | vulnerable | vulnerable | Lib/webbrowser.py in Python through 3.6.3 does not validate strings be ... |
| Bug | Description |
|---|---|
| CVE-2025-4517 | Allows arbitrary filesystem writes outside the extraction directory du ... |
| CVE-2025-4435 | When using a TarFile.errorlevel = 0and extracting with a filter the do ... |
| CVE-2025-4330 | Allows the extraction filter to be ignored, allowing symlink targets t ... |
| CVE-2025-4138 | Allows the extraction filter to be ignored, allowing symlink targets t ... |
| CVE-2024-12718 | Allows modifying some file metadata (e.g. last modified) with filter=" ... |
| CVE-2016-4000 | Jython before 2.7.1rc1 allows attackers to execute arbitrary code via ... |
| CVE-2013-2027 | Jython 2.2.1 uses the current umask to set the privileges of the class ... |
| DSA / DLA | Description |
|---|---|
| DSA-3893-1 | jython - security update |
| DLA-989-1 | jython - security update |