9 matches found
BIT-PYTHON-2025-12084 Quadratic complexity in node ID cache clearing
When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...
CLSA-2026-1773221551 Fix CVE(s): CVE-2025-12084
SECURITY UPDATE: quadratic complexity in xml.dom.minidom node ID cache clearing leads to denial of service - debian/patches/CVE-2025-12084.patch: Replace quadratic indocument traversal with ownerDocument attribute check in clearidcache; ensure Element and Attr instances have ownerDocument...
SUSE-SU-2026:20374-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-12084: prevent quadratic behavior in node ID cache clearing bsc1254997. - CVE-2025-13836: prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length bsc1254400...
SUSE SLED15: libpython3_11-1_0 / libpython3_11-1_0-32bit / python311 / etc (SUSE-SU-2026:0314-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0314-1 advisory. - CVE-2025-12084: prevent quadratic behavior in node ID cache clearing bsc1254997. -...
CLSA-2026-1769509482 python3.9: Fix of CVE-2025-12084
CVE-2025-12084: fix denial-of-service by removing quadratic behavior in xml.dom.minidom node ID cache clearing when building deeply nested documents...
CLSA-2026-1769084959 python3.11: Fix of CVE-2025-12084
CVE-2025-12084: fix denial-of-service by removing quadratic behavior in xml.dom.minidom node ID cache clearing when building deeply nested documents...
CLSA-2026-1769020780 python3.9: Fix of CVE-2025-12084
CVE-2025-12084: fix denial-of-service by removing quadratic behavior in xml.dom.minidom node ID cache clearing when building deeply nested documents...
Security update for python
This update for python fixes the following issues: CVE-2025-8291: check validity of the ZIP64 End of Central Directory EOCD in the 'zipfile' module bsc1251305. CVE-2025-12084: prevent quadratic behavior in node ID cache clearing bsc1254997. CVE-2025-13836: prevent reading an HTTP response from a...
python -- several vulnerabilities
Hugo van Kemenade reports: Python 3.14.2 and 3.13.11 are now available ... and come with some bonus security fixes. gh-142145: Remove quadratic behavior in node ID cache clearing CVE-2025-12084 gh-119451: Fix a potential denial of service in http.client only in 3.13; CVE-2025-13836 gh-119452: Fix...