

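--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -78,6 +78,42 @@
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="f671c282-95ef-11eb-9c34-080027f515ea">
+    <topic>python -- Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem</topic>
+    <affects>
+      <package>
+	<name>python38</name>
+	<range><lt>3.8.9</lt></range>
+      </package>
+      <package>
+	<name>python39</name>
+	<range><lt>3.9.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>David Schwörer reports:</p>
+	<blockquote cite="https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html">
+	  <p>
+	    Remove the getfile feature of the pydoc module which could be
+	    abused to read arbitrary files on the disk (directory traversal
+	    vulnerability). Moreover, even source code of Python modules
+	    can contain sensitive data like passwords.
+	  </p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2021-3426</cvename>
+      <url>https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html</url>
+      <url>https://bugs.python.org/issue42988</url>
+    </references>
+    <dates>
+      <discovery>2021-01-21</discovery>
+      <entry>2021-04-05</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="1f6d97da-8f72-11eb-b3f1-005056a311d1">
     <topic>samba -- Multiple Vulnerabilities</topic>
     <affects>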
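Review bot: The `<affects>` block at new lines 83-92 covers only python38 and python39, but the quoted advisory describes a feature of the pydoc module itself rather than anything specific to those two branches, and the bpo-42988 issue listed under `<references>` presumably tracked backports to the older maintained branches too; the context line "Do not forget port variants" in the file header is the reminder that applies here. If lang/python37 (or any other Python 3 port still in the tree) ships the same pydoc getfile handler, add a matching `<package>` entry, e.g. `<name>python37</name>` with `<range><lt>[fixed-3.7-version]</lt></range>` once that fix ships, so users of that port are notified by the same VuXML entry. The `<p>David Schwörer reports:</p>` attribution does not obviously match the cited Python Insider release post, which is written by the release team; confirm the reporter against the issue, or attribute the quote to the release announcement.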
