Information on source package jython

Available versions

ReleaseVersion
bullseye2.7.2+repack1-3
bookworm2.7.3+repack1-1
trixie2.7.3+repack1-1
forky2.7.3+repack1-1
sid2.7.3+repack1-1

Open issues

BugbullseyebookwormtrixieforkysidDescription
CVE-2026-0865vulnerablevulnerablevulnerablevulnerablevulnerableUser-controlled header names and values containing newlines can allow ...
CVE-2025-15367vulnerablevulnerablevulnerablevulnerablevulnerableThe poplib module, when passed a user-controlled command, can have add ...
CVE-2025-15366vulnerablevulnerablevulnerablevulnerablevulnerableThe imaplib module, when passed a user-controlled command, can have ad ...
CVE-2025-15282vulnerablevulnerablevulnerablevulnerablevulnerableUser-controlled data URLs parsed by urllib.request.DataHandler allow i ...
CVE-2025-12084vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableWhen building nested elements using xml.dom.minidom methods such as ap ...
CVE-2025-8291vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe 'zipfile' module would not check the validity of the ZIP64 End of ...
CVE-2025-6069vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe html.parser.HTMLParser class had worse-case quadratic complexity w ...
CVE-2019-16935vulnerable (no DSA, ignored)fixedfixedfixedfixedThe documentation XML-RPC server in Python through 2.7.16, 3.x through ...

Open unimportant issues

BugbullseyebookwormtrixieforkysidDescription
CVE-2017-17522vulnerablevulnerablevulnerablevulnerablevulnerableLib/webbrowser.py in Python through 3.6.3 does not validate strings be ...

Resolved issues

BugDescription
CVE-2025-11468When folding a long comment in an email header containing exclusively ...
CVE-2025-4517Allows arbitrary filesystem writes outside the extraction directory du ...
CVE-2025-4435When using a TarFile.errorlevel = 0and extracting with a filter the do ...
CVE-2025-4330Allows the extraction filter to be ignored, allowing symlink targets t ...
CVE-2025-4138Allows the extraction filter to be ignored, allowing symlink targets t ...
CVE-2024-12718Allows modifying some file metadata (e.g. last modified) with filter=" ...
CVE-2016-4000Jython before 2.7.1rc1 allows attackers to execute arbitrary code via ...
CVE-2013-2027Jython 2.2.1 uses the current umask to set the privileges of the class ...

Security announcements

DSA / DLADescription
DSA-3893-1jython - security update
DLA-989-1jython - security update
Search for package or bug name: Reporting problems