[Bug 2143706] [NEW] python3 regression CVE-2025-15366, CVE-2025-15367, CVE-2026-0865
Vyom Yadav
2143706 at bugs.launchpad.net
Mon Mar 9 09:54:57 UTC 2026
Public bug reported:
python3.12 3.12.3-1ubuntu0.11 patches CVE-2025-15366, CVE-2025-15367,
CVE-2026-0865.
CVE-2025-15366, CVE-2025-15367 haven't been backported by upstream as
they may introduce behavior regressions and the imaplib patch also
breaks the conformance with the RFC.
CVE-2026-0865 is missing a patch for allowing tab characters:
https://github.com/python/cpython/pull/145140
** Affects: python3.12 (Ubuntu)
Importance: Undecided
Assignee: Vyom Yadav (vyomydv)
Status: Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.12 in Ubuntu.
https://bugs.launchpad.net/bugs/2143706
Title:
python3 regression CVE-2025-15366, CVE-2025-15367, CVE-2026-0865
Status in python3.12 package in Ubuntu:
Fix Released
Bug description:
python3.12 3.12.3-1ubuntu0.11 patches CVE-2025-15366, CVE-2025-15367,
CVE-2026-0865.
CVE-2025-15366, CVE-2025-15367 haven't been backported by upstream as
they may introduce behavior regressions and the imaplib patch also
breaks the conformance with the RFC.
CVE-2026-0865 is missing a patch for allowing tab characters:
https://github.com/python/cpython/pull/145140
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.12/+bug/2143706/+subscriptions
More information about the foundations-bugs
mailing list