doc(python-3.1[0123]): Add pending-upstream-fix CVE-2025-12084

Vivian Rook · Vivian Rook · commit 6e376b9ef504 · 2025-12-09T11:49:57.000Z
python-3.10 Upstream Fix PR: python/cpython#142213 python-3.11 Upstream Fix PR: python/cpython#142212 python-3.12 Upstream Fix PR: python/cpython#142211 python-3.13 Upstream Fix PR: python/cpython#142210 python-3.13 Local Fix PR: wolfi-dev/os#75288 python-3.14 Upstream Fix PR: python/cpython#142209 python-3.14 Local Fix PR: wolfi-dev/os#75289 Related issues: https://github.com/chainguard-dev/CVE-Dashboard/issues/50689 https://github.com/chainguard-dev/CVE-Dashboard/issues/51027 https://github.com/chainguard-dev/CVE-Dashboard/issues/50150 https://github.com/chainguard-dev/CVE-Dashboard/issues/51032 https://github.com/chainguard-dev/CVE-Dashboard/issues/50978 Signed-off-by: Vivian Rook <vivian.rook@chainguard.dev>
diff --git a/python-3.10.advisories.yaml b/python-3.10.advisories.yaml
@@ -66,6 +66,10 @@ advisories:
             componentType: apk
             componentLocation: /.PKGINFO
             scanner: grype
+      - timestamp: 2025-12-09T11:43:24Z
+        type: pending-upstream-fix
+        data:
+          note: 'Upstream are actively working on, and have a PR open regarding this issue. Upstream maintainers will need to approve and merge the PR. Fix PR: https://github.com/python/cpython/pull/142213'
 
   - id: CGA-5pmm-mmg3-pfp3
     aliases:
diff --git a/python-3.11.advisories.yaml b/python-3.11.advisories.yaml
@@ -162,6 +162,10 @@ advisories:
             componentType: apk
             componentLocation: /.PKGINFO
             scanner: grype
+      - timestamp: 2025-12-09T11:44:14Z
+        type: pending-upstream-fix
+        data:
+          note: 'Upstream are actively working on, and have a PR open regarding this issue. Upstream maintainers will need to approve and merge the PR. Fix PR: https://github.com/python/cpython/pull/142212'
 
   - id: CGA-crq7-9946-pwg9
     aliases:
diff --git a/python-3.12.advisories.yaml b/python-3.12.advisories.yaml
@@ -318,6 +318,10 @@ advisories:
             componentType: apk
             componentLocation: /.PKGINFO
             scanner: grype
+      - timestamp: 2025-12-09T11:45:07Z
+        type: pending-upstream-fix
+        data:
+          note: 'Upstream are actively working on, and have a PR open regarding this issue. Upstream maintainers will need to approve and merge the PR. Fix PR: https://github.com/python/cpython/pull/142211'
 
   - id: CGA-mfwm-8c36-vh8v
     aliases:
diff --git a/python-3.13.advisories.yaml b/python-3.13.advisories.yaml
@@ -21,6 +21,10 @@ advisories:
             componentType: apk
             componentLocation: /.PKGINFO
             scanner: grype
+      - timestamp: 2025-12-09T11:47:38Z
+        type: pending-upstream-fix
+        data:
+          note: 'Upstream has patched this, but has yet to release a new point version including the patch. Awaiting new release. Patch PR: https://github.com/python/cpython/pull/142210 We have included the patch locally in: https://github.com/wolfi-dev/os/pull/75288'
 
   - id: CGA-436m-hqqq-2cjw
     aliases:
diff --git a/python-3.14.advisories.yaml b/python-3.14.advisories.yaml
@@ -43,6 +43,10 @@ advisories:
             componentType: apk
             componentLocation: /.PKGINFO
             scanner: grype
+      - timestamp: 2025-12-09T11:48:53Z
+        type: pending-upstream-fix
+        data:
+          note: 'Upstream has patched this, but has yet to release a new point version including the patch. Awaiting new release. Patch PR: https://github.com/python/cpython/pull/142209 We have included the patch locally in: https://github.com/wolfi-dev/os/pull/75289'
 
   - id: CGA-jfqg-3grj-8wm4
     aliases:
