Update OSV records from CVE

sethmlarson · sethmlarson · commit 3d0e8d839d2f · 2025-12-02T07:47:04.000-06:00
diff --git a/advisories/python/PSF-0000-CVE-2025-13836.json b/advisories/python/PSF-0000-CVE-2025-13836.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.5.0",
+  "id": "PSF-0000-CVE-2025-13836",
+  "aliases": [
+    "CVE-2025-13836"
+  ],
+  "published": "2025-12-01T18:02:38.483Z",
+  "modified": "2025-12-01T19:00:52.546Z",
+  "details": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
+  "affected": [
+    {
+      "ranges": [
+        {
+          "type": "GIT",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "4ce27904b597c77d74dd93f2c912676021a99155"
+            },
+            {
+              "fixed": "5a4c4a033a4a54481be6870aa1896fad732555b5"
+            }
+          ],
+          "repo": "https://github.com/python/cpython"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "REPORT",
+      "url": "https://github.com/python/cpython/issues/119451"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/python/cpython/pull/119454"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": []
+  }
+}
diff --git a/advisories/python/PSF-0000-CVE-2025-13837.json b/advisories/python/PSF-0000-CVE-2025-13837.json
@@ -0,0 +1,59 @@
+{
+  "schema_version": "1.5.0",
+  "id": "PSF-0000-CVE-2025-13837",
+  "aliases": [
+    "CVE-2025-13837"
+  ],
+  "published": "2025-12-01T18:13:32.739Z",
+  "modified": "2025-12-01T19:00:58.282Z",
+  "details": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues",
+  "affected": [
+    {
+      "ranges": [
+        {
+          "type": "GIT",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "694922cf40aa3a28f898b5f5ee08b71b4922df70"
+            },
+            {
+              "fixed": "71fa8eb8233b37f16c88b6e3e583b461b205d1ba"
+            },
+            {
+              "fixed": "b64441e4852383645af5b435411a6f849dd1b4cb"
+            }
+          ],
+          "repo": "https://github.com/python/cpython"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/python/cpython/pull/119343"
+    },
+    {
+      "type": "REPORT",
+      "url": "https://github.com/python/cpython/issues/119342"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": []
+  }
+}
diff --git a/advisories/python/PSF-2025-13.json b/advisories/python/PSF-2025-13.json
@@ -1,6 +1,6 @@
 {
-  "modified": "2025-10-31T17:55:40Z",
-  "published": "2025-10-31T16:41:34Z",
+  "modified": "2025-12-01T19:01:43.132Z",
+  "published": "2025-10-31T16:41:34.983Z",
   "schema_version": "1.5.0",
   "id": "PSF-2025-13",
   "aliases": [
@@ -33,6 +33,9 @@
             },
             {
               "fixed": "f029e8db626ddc6e3a3beea4eff511a71aaceb5c"
+            },
+            {
+              "fixed": "5dceb93486176e6b4a6d9754491005113eb23427"
             }
           ],
           "repo": "https://github.com/python/cpython"
@@ -72,9 +75,13 @@
     {
       "type": "FIX",
       "url": "https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427"
     }
   ],
   "database_specific": {
     "cwe_ids": []
   }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`		`- "modified": "2025-10-31T17:55:40Z",`
`3`		`- "published": "2025-10-31T16:41:34Z",`
	`2`	`+ "modified": "2025-12-01T19:01:43.132Z",`
	`3`	`+ "published": "2025-10-31T16:41:34.983Z",`
`4`	`4`	`"schema_version": "1.5.0",`
`5`	`5`	`"id": "PSF-2025-13",`
`6`	`6`	`"aliases": [`
`@@ -33,6 +33,9 @@`
`33`	`33`	`},`
`34`	`34`	`{`
`35`	`35`	`"fixed": "f029e8db626ddc6e3a3beea4eff511a71aaceb5c"`
	`36`	`+ },`
	`37`	`+ {`
	`38`	`+ "fixed": "5dceb93486176e6b4a6d9754491005113eb23427"`
`36`	`39`	`}`
`37`	`40`	`],`
`38`	`41`	`"repo": "https://github.com/python/cpython"`
`@@ -72,9 +75,13 @@`
`72`	`75`	`{`
`73`	`76`	`"type": "FIX",`
`74`	`77`	`"url": "https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c"`
	`78`	`+ },`
	`79`	`+ {`
	`80`	`+ "type": "FIX",`
	`81`	`+ "url": "https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427"`
`75`	`82`	`}`
`76`	`83`	`],`
`77`	`84`	`"database_specific": {`
`78`	`85`	`"cwe_ids": []`
`79`	`86`	`}`
`80`		`-}`
	`87`	`+}`