Update information about CVE-2021-3426

author: Anton Gladky <gladk@debian.org> 2021-04-03 22:29:44 +0200
committer: Anton Gladky <gladk@debian.org> 2021-04-03 22:29:44 +0200
commit: b9866ff4575e6d5c1751bac77a5bcce7c1d3601c (patch)
tree: a35de5627481d45a55c14bc7c971f63cf9343aa2
parent: 0f18c51fd9e20efa72364dc9f80036e7e595228c (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 15dc352e0f..648a1fcbdc 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -4366,7 +4366,7 @@ CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier A
 	- courier-authlib 0.71.1-2 (bug #984810)
 	NOTE: Re-introduction of #378571 while migrating from debian/permissions to
 	NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2.
-CVE-2021-3426
+CVE-2021-3426 (Running `pydoc -p` allows other local users to extract arbitrary files. The `/getfile?key=path` URL allows to read arbitrary file on the filesystem.)
 	RESERVED
 	[experimental] - python3.9 3.9.3-1
 	- python3.9 <unfixed>
@@ -4376,6 +4376,7 @@ CVE-2021-3426
 	- python3.5 <removed>
 	- python2.7 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.python.org/issue42988
+	NOTE: https://github.com/python/cpython/commit/9b999479c0022edfc9835a8a1f06e046f3881048
 	NOTE: https://python-security.readthedocs.io/vuln/pydoc-getfile.html
 	NOTE: https://github.com/python/cpython/pull/24337
 	NOTE: https://github.com/python/cpython/pull/24285
author	Anton Gladky <gladk@debian.org>	2021-04-03 22:29:44 +0200
committer	Anton Gladky <gladk@debian.org>	2021-04-03 22:29:44 +0200
commit	b9866ff4575e6d5c1751bac77a5bcce7c1d3601c (patch)
tree	a35de5627481d45a55c14bc7c971f63cf9343aa2
parent	0f18c51fd9e20efa72364dc9f80036e7e595228c (diff)