Release | Version |
---|---|
bullseye | 2.7.2+repack1-3 |
bookworm | 2.7.3+repack1-1 |
trixie | 2.7.3+repack1-1 |
sid | 2.7.3+repack1-1 |

Bug | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|
CVE-2025-6069 | vulnerable | vulnerable (no DSA) | vulnerable | vulnerable | The html.parser.HTMLParser class had worst-case quadratic complexity w ... |
CVE-2019-16935 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | The documentation XML-RPC server in Python through 2.7.16, 3.x through ... |

Bug | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|
CVE-2017-17522 | vulnerable | vulnerable | vulnerable | vulnerable | Lib/webbrowser.py in Python through 3.6.3 does not validate strings be ... |

Bug | Description |
---|---|
CVE-2025-4517 | Allows arbitrary filesystem writes outside the extraction directory du ... |
CVE-2025-4435 | When using a TarFile.errorlevel = 0 and extracting with a filter the do ... |
CVE-2025-4330 | Allows the extraction filter to be ignored, allowing symlink targets t ... |
CVE-2025-4138 | Allows the extraction filter to be ignored, allowing symlink targets t ... |
CVE-2024-12718 | Allows modifying some file metadata (e.g. last modified) with filter=" ... |
CVE-2016-4000 | Jython before 2.7.1rc1 allows attackers to execute arbitrary code via ... |
CVE-2013-2027 | Jython 2.2.1 uses the current umask to set the privileges of the class ... |

DSA / DLA | Description |
---|---|
DSA-3893-1 | jython - security update |
DLA-989-1 | jython - security update |