diff options
author | Anton Gladky <gladk@debian.org> | 2021-04-03 22:29:44 +0200 |
---|---|---|
committer | Anton Gladky <gladk@debian.org> | 2021-04-03 22:29:44 +0200 |
commit | ff0ea77b0e59f2dc37ee2f996df7edddfb227cbe (patch) | |
tree | a841444b23fafadc7562054536437ebc81cf1a11 | |
parent | 20c6cdbcdbdef1ba9f21655604a6f0a097e96e27 (diff) |
Update information about CVE-2021-3426
-rw-r--r-- | data/CVE/2021.list | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 15dc352e0f..648a1fcbdc 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -4366,7 +4366,7 @@ CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier A - courier-authlib 0.71.1-2 (bug #984810) NOTE: Re-introduction of #378571 while migrating from debian/permissions to NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2. -CVE-2021-3426 +CVE-2021-3426 (Running `pydoc -p` allows other local users to extract arbitrary files. The `/getfile?key=path` URL allows to read arbitrary file on the filesystem.) RESERVED [experimental] - python3.9 3.9.3-1 - python3.9 <unfixed> @@ -4376,6 +4376,7 @@ CVE-2021-3426 - python3.5 <removed> - python2.7 <not-affected> (Vulnerable code not present) NOTE: https://bugs.python.org/issue42988 + NOTE: https://github.com/python/cpython/commit/9b999479c0022edfc9835a8a1f06e046f3881048 NOTE: https://python-security.readthedocs.io/vuln/pydoc-getfile.html NOTE: https://github.com/python/cpython/pull/24337 NOTE: https://github.com/python/cpython/pull/24285 |