diff options
author | Anton Gladky <gladk@debian.org> | 2021-04-03 22:29:44 +0200 |
---|---|---|
committer | Anton Gladky <gladk@debian.org> | 2021-04-03 22:29:44 +0200 |
commit | b9866ff4575e6d5c1751bac77a5bcce7c1d3601c (patch) | |
tree | a35de5627481d45a55c14bc7c971f63cf9343aa2 | |
parent | 0f18c51fd9e20efa72364dc9f80036e7e595228c (diff) |
Update information about CVE-2021-3426
-rw-r--r-- | data/CVE/list.2021 | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 15dc352e0f..648a1fcbdc 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -4366,7 +4366,7 @@ CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier A - courier-authlib 0.71.1-2 (bug #984810) NOTE: Re-introduction of #378571 while migrating from debian/permissions to NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2. -CVE-2021-3426 +CVE-2021-3426 (Running `pydoc -p` allows other local users to extract arbitrary files. The `/getfile?key=path` URL allows to read arbitrary file on the filesystem.) RESERVED [experimental] - python3.9 3.9.3-1 - python3.9 <unfixed> @@ -4376,6 +4376,7 @@ CVE-2021-3426 - python3.5 <removed> - python2.7 <not-affected> (Vulnerable code not present) NOTE: https://bugs.python.org/issue42988 + NOTE: https://github.com/python/cpython/commit/9b999479c0022edfc9835a8a1f06e046f3881048 NOTE: https://python-security.readthedocs.io/vuln/pydoc-getfile.html NOTE: https://github.com/python/cpython/pull/24337 NOTE: https://github.com/python/cpython/pull/24285 |