ELA-1492-1 python-setuptools security update
Package : python-setuptools
Version : 33.1.1-1+deb9u1 (stretch), 40.8.0-1+deb10u1 (buster)
Related CVEs :
CVE-2022-40897
CVE-2024-6345
CVE-2025-47273
Multiple vulnerabilities have been fixed in the Python setuptools package.
setuptools is a package that allows users to download, build, install, upgrade,
and uninstall Python packages.
CVE-2022-40897
Regular Expression Denial of Service (ReDoS) in package_index.py.
CVE-2024-6345
A vulnerability in the package_index module allows for remote code
execution via its download functions. These functions, which are used to
download packages from URLs provided by users or retrieved from package
index servers, are susceptible to code injection. If these functions are
exposed to user-controlled inputs, such as package URLs, they can execute
arbitrary commands on the system.
CVE-2025-47273
A path traversal vulnerability in PackageIndex allows an attacker to write
files to arbitrary locations on the filesystem with the permissions of the
process running the Python code, which could escalate to remote code
execution depending on the context.
ELA-1493-1 libphp-adodb security update
Package : libphp-adodb
Version : 5.20.9-1+deb9u2 (stretch)
Related CVEs :
CVE-2025-46337
SQL injection in the PostgreSQL driver has been fixed in the ADOdb database access library for PHP.