[Bug 2143706] Re: python3 regression CVE-2025-15366, CVE-2025-15367, CVE-2026-0865
Vyom Yadav
2143706 at bugs.launchpad.net
Mon Mar 9 09:55:50 UTC 2026
This has been fixed in 3.12.3-1ubuntu0.12. It also affected:
python3.4 - python3.14 (all source packages patched in
https://ubuntu.com/security/notices/USN-8018-1. Patched in
https://ubuntu.com/security/notices/USN-8018-2
** Changed in: python3.12 (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.12 in Ubuntu.
https://bugs.launchpad.net/bugs/2143706
Title:
python3 regression CVE-2025-15366, CVE-2025-15367, CVE-2026-0865
Status in python3.12 package in Ubuntu:
Fix Released
Bug description:
python3.12 3.12.3-1ubuntu0.11 patches CVE-2025-15366, CVE-2025-15367,
CVE-2026-0865.
CVE-2025-15366, CVE-2025-15367 haven't been backported by upstream as
they may introduce behavior regressions and the imaplib patch also
breaks the conformance with the RFC.
CVE-2026-0865 is missing a patch for allowing tab characters:
https://github.com/python/cpython/pull/145140
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.12/+bug/2143706/+subscriptions
More information about the foundations-bugs
mailing list