{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"jython security update", "category":"general", "title":"Synopsis" }, { "text":"An update for jython is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"Jython is an implementation of the high-level, dynamic, object-oriented language Python seamlessly integrated with the Java platform. The predecessor to Jython, JPython, is certified as 100% Pure Java. Jython is freely available for both commercial and non-commercial use and is distributed with source code. Jython is complementary to Java and is especially suited for the following tasks: Embedded scripting - Java programmers can add the Jython libraries to their system to allow end users to write simple or complicated scripts that add functionality to the application. Interactive experimentation - Jython provides an interactive interpreter that can be used to interact with Java packages or with running Java applications. This allows programmers to experiment and debug any Java system using Jython. Rapid application development - Python programs are typically 2-10X shorter than the equivalent Java program. This translates directly to increased programmer productivity. The seamless interaction between Python and Java allows developers to freely mix the two languages both during development and in shipping products.\n\nSecurity Fix(es):\n\nPython is an open source, object-oriented programming language from the Python Foundation. This language has the characteristics of scalability, supporting modules and packages, and supporting multiple platforms.\n There is a security vulnerability in Python that originates from the secondary complexity problem when handling specially crafted malformed inputs, which may lead to a denial of service attack.(CVE-2025-6069)", "category":"general", "title":"Description" }, { "text":"An update for jython is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"jython", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1758", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1758" }, { "summary":"CVE-2025-6069", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-6069&packageName=jython" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6069" }, { "summary":"openEuler-SA-2025-1758 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1758.json" } ], "title":"An update for jython is now available for openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2025-07-11T20:20:03+08:00", "revision_history":[ { "date":"2025-07-11T20:20:03+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-07-11T20:20:03+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-07-11T20:20:03+08:00", "id":"openEuler-SA-2025-1758", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"openEuler-24.03-LTS-SP2", "name":"openEuler-24.03-LTS-SP2" }, "name":"openEuler-24.03-LTS-SP2", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"openEuler-22.03-LTS-SP3", "name":"openEuler-22.03-LTS-SP3" }, "name":"openEuler-22.03-LTS-SP3", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"jython-2.7.1-3.oe2403sp1.noarch.rpm", "name":"jython-2.7.1-3.oe2403sp1.noarch.rpm" }, "name":"jython-2.7.1-3.oe2403sp1.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"jython-demo-2.7.1-3.oe2403sp1.noarch.rpm", "name":"jython-demo-2.7.1-3.oe2403sp1.noarch.rpm" }, "name":"jython-demo-2.7.1-3.oe2403sp1.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"jython-javadoc-2.7.1-3.oe2403sp1.noarch.rpm", "name":"jython-javadoc-2.7.1-3.oe2403sp1.noarch.rpm" }, "name":"jython-javadoc-2.7.1-3.oe2403sp1.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"jython-2.7.1-3.oe2403sp2.noarch.rpm", "name":"jython-2.7.1-3.oe2403sp2.noarch.rpm" }, "name":"jython-2.7.1-3.oe2403sp2.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"jython-demo-2.7.1-3.oe2403sp2.noarch.rpm", "name":"jython-demo-2.7.1-3.oe2403sp2.noarch.rpm" }, "name":"jython-demo-2.7.1-3.oe2403sp2.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"jython-javadoc-2.7.1-3.oe2403sp2.noarch.rpm", "name":"jython-javadoc-2.7.1-3.oe2403sp2.noarch.rpm" }, "name":"jython-javadoc-2.7.1-3.oe2403sp2.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"jython-2.7.1-3.oe2003sp4.noarch.rpm", "name":"jython-2.7.1-3.oe2003sp4.noarch.rpm" }, "name":"jython-2.7.1-3.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"jython-demo-2.7.1-3.oe2003sp4.noarch.rpm", "name":"jython-demo-2.7.1-3.oe2003sp4.noarch.rpm" }, "name":"jython-demo-2.7.1-3.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"jython-javadoc-2.7.1-3.oe2003sp4.noarch.rpm", "name":"jython-javadoc-2.7.1-3.oe2003sp4.noarch.rpm" }, "name":"jython-javadoc-2.7.1-3.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"jython-2.7.1-3.oe2203sp3.noarch.rpm", "name":"jython-2.7.1-3.oe2203sp3.noarch.rpm" }, "name":"jython-2.7.1-3.oe2203sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"jython-demo-2.7.1-3.oe2203sp3.noarch.rpm", "name":"jython-demo-2.7.1-3.oe2203sp3.noarch.rpm" }, "name":"jython-demo-2.7.1-3.oe2203sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"jython-javadoc-2.7.1-3.oe2203sp3.noarch.rpm", "name":"jython-javadoc-2.7.1-3.oe2203sp3.noarch.rpm" }, "name":"jython-javadoc-2.7.1-3.oe2203sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"jython-2.7.1-3.oe2203sp4.noarch.rpm", "name":"jython-2.7.1-3.oe2203sp4.noarch.rpm" }, "name":"jython-2.7.1-3.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"jython-demo-2.7.1-3.oe2203sp4.noarch.rpm", "name":"jython-demo-2.7.1-3.oe2203sp4.noarch.rpm" }, "name":"jython-demo-2.7.1-3.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"jython-javadoc-2.7.1-3.oe2203sp4.noarch.rpm", "name":"jython-javadoc-2.7.1-3.oe2203sp4.noarch.rpm" }, "name":"jython-javadoc-2.7.1-3.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"jython-2.7.1-3.oe2403.noarch.rpm", "name":"jython-2.7.1-3.oe2403.noarch.rpm" }, "name":"jython-2.7.1-3.oe2403.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"jython-demo-2.7.1-3.oe2403.noarch.rpm", "name":"jython-demo-2.7.1-3.oe2403.noarch.rpm" }, "name":"jython-demo-2.7.1-3.oe2403.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"jython-javadoc-2.7.1-3.oe2403.noarch.rpm", "name":"jython-javadoc-2.7.1-3.oe2403.noarch.rpm" }, "name":"jython-javadoc-2.7.1-3.oe2403.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"jython-2.7.1-3.oe2403sp1.src.rpm", "name":"jython-2.7.1-3.oe2403sp1.src.rpm" }, "name":"jython-2.7.1-3.oe2403sp1.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"jython-2.7.1-3.oe2403sp2.src.rpm", "name":"jython-2.7.1-3.oe2403sp2.src.rpm" }, "name":"jython-2.7.1-3.oe2403sp2.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"jython-2.7.1-3.oe2003sp4.src.rpm", "name":"jython-2.7.1-3.oe2003sp4.src.rpm" }, "name":"jython-2.7.1-3.oe2003sp4.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"jython-2.7.1-3.oe2203sp3.src.rpm", "name":"jython-2.7.1-3.oe2203sp3.src.rpm" }, "name":"jython-2.7.1-3.oe2203sp3.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"jython-2.7.1-3.oe2203sp4.src.rpm", "name":"jython-2.7.1-3.oe2203sp4.src.rpm" }, "name":"jython-2.7.1-3.oe2203sp4.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"jython-2.7.1-3.oe2403.src.rpm", "name":"jython-2.7.1-3.oe2403.src.rpm" }, "name":"jython-2.7.1-3.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"jython-2.7.1-3.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:jython-2.7.1-3.oe2403sp1.noarch", "name":"jython-2.7.1-3.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"jython-demo-2.7.1-3.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:jython-demo-2.7.1-3.oe2403sp1.noarch", "name":"jython-demo-2.7.1-3.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"jython-javadoc-2.7.1-3.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:jython-javadoc-2.7.1-3.oe2403sp1.noarch", "name":"jython-javadoc-2.7.1-3.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"jython-2.7.1-3.oe2403sp2.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:jython-2.7.1-3.oe2403sp2.noarch", "name":"jython-2.7.1-3.oe2403sp2.noarch as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"jython-demo-2.7.1-3.oe2403sp2.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:jython-demo-2.7.1-3.oe2403sp2.noarch", "name":"jython-demo-2.7.1-3.oe2403sp2.noarch as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"jython-javadoc-2.7.1-3.oe2403sp2.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:jython-javadoc-2.7.1-3.oe2403sp2.noarch", "name":"jython-javadoc-2.7.1-3.oe2403sp2.noarch as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"jython-2.7.1-3.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:jython-2.7.1-3.oe2003sp4.noarch", "name":"jython-2.7.1-3.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"jython-demo-2.7.1-3.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:jython-demo-2.7.1-3.oe2003sp4.noarch", "name":"jython-demo-2.7.1-3.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"jython-javadoc-2.7.1-3.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:jython-javadoc-2.7.1-3.oe2003sp4.noarch", "name":"jython-javadoc-2.7.1-3.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"jython-2.7.1-3.oe2203sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:jython-2.7.1-3.oe2203sp3.noarch", "name":"jython-2.7.1-3.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"jython-demo-2.7.1-3.oe2203sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:jython-demo-2.7.1-3.oe2203sp3.noarch", "name":"jython-demo-2.7.1-3.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"jython-javadoc-2.7.1-3.oe2203sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:jython-javadoc-2.7.1-3.oe2203sp3.noarch", "name":"jython-javadoc-2.7.1-3.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"jython-2.7.1-3.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:jython-2.7.1-3.oe2203sp4.noarch", "name":"jython-2.7.1-3.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"jython-demo-2.7.1-3.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:jython-demo-2.7.1-3.oe2203sp4.noarch", "name":"jython-demo-2.7.1-3.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"jython-javadoc-2.7.1-3.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:jython-javadoc-2.7.1-3.oe2203sp4.noarch", "name":"jython-javadoc-2.7.1-3.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"jython-2.7.1-3.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:jython-2.7.1-3.oe2403.noarch", "name":"jython-2.7.1-3.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"jython-demo-2.7.1-3.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:jython-demo-2.7.1-3.oe2403.noarch", "name":"jython-demo-2.7.1-3.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"jython-javadoc-2.7.1-3.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:jython-javadoc-2.7.1-3.oe2403.noarch", "name":"jython-javadoc-2.7.1-3.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"jython-2.7.1-3.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:jython-2.7.1-3.oe2403sp1.src", "name":"jython-2.7.1-3.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"jython-2.7.1-3.oe2403sp2.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:jython-2.7.1-3.oe2403sp2.src", "name":"jython-2.7.1-3.oe2403sp2.src as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"jython-2.7.1-3.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:jython-2.7.1-3.oe2003sp4.src", "name":"jython-2.7.1-3.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"jython-2.7.1-3.oe2203sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:jython-2.7.1-3.oe2203sp3.src", "name":"jython-2.7.1-3.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"jython-2.7.1-3.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:jython-2.7.1-3.oe2203sp4.src", "name":"jython-2.7.1-3.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"jython-2.7.1-3.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:jython-2.7.1-3.oe2403.src", "name":"jython-2.7.1-3.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-6069", "notes":[ { "text":"Python is an open source, object-oriented programming language from the Python Foundation. This language has the characteristics of scalability, supporting modules and packages, and supporting multiple platforms.\n There is a security vulnerability in Python that originates from the secondary complexity problem when handling specially crafted malformed inputs, which may lead to a denial of service attack.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:jython-2.7.1-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:jython-demo-2.7.1-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:jython-javadoc-2.7.1-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP2:jython-2.7.1-3.oe2403sp2.noarch", "openEuler-24.03-LTS-SP2:jython-demo-2.7.1-3.oe2403sp2.noarch", "openEuler-24.03-LTS-SP2:jython-javadoc-2.7.1-3.oe2403sp2.noarch", "openEuler-20.03-LTS-SP4:jython-2.7.1-3.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:jython-demo-2.7.1-3.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:jython-javadoc-2.7.1-3.oe2003sp4.noarch", "openEuler-22.03-LTS-SP3:jython-2.7.1-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:jython-demo-2.7.1-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:jython-javadoc-2.7.1-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP4:jython-2.7.1-3.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:jython-demo-2.7.1-3.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:jython-javadoc-2.7.1-3.oe2203sp4.noarch", "openEuler-24.03-LTS:jython-2.7.1-3.oe2403.noarch", "openEuler-24.03-LTS:jython-demo-2.7.1-3.oe2403.noarch", "openEuler-24.03-LTS:jython-javadoc-2.7.1-3.oe2403.noarch", "openEuler-24.03-LTS-SP1:jython-2.7.1-3.oe2403sp1.src", "openEuler-24.03-LTS-SP2:jython-2.7.1-3.oe2403sp2.src", "openEuler-20.03-LTS-SP4:jython-2.7.1-3.oe2003sp4.src", "openEuler-22.03-LTS-SP3:jython-2.7.1-3.oe2203sp3.src", "openEuler-22.03-LTS-SP4:jython-2.7.1-3.oe2203sp4.src", "openEuler-24.03-LTS:jython-2.7.1-3.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:jython-2.7.1-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:jython-demo-2.7.1-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:jython-javadoc-2.7.1-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP2:jython-2.7.1-3.oe2403sp2.noarch", "openEuler-24.03-LTS-SP2:jython-demo-2.7.1-3.oe2403sp2.noarch", "openEuler-24.03-LTS-SP2:jython-javadoc-2.7.1-3.oe2403sp2.noarch", "openEuler-20.03-LTS-SP4:jython-2.7.1-3.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:jython-demo-2.7.1-3.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:jython-javadoc-2.7.1-3.oe2003sp4.noarch", "openEuler-22.03-LTS-SP3:jython-2.7.1-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:jython-demo-2.7.1-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:jython-javadoc-2.7.1-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP4:jython-2.7.1-3.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:jython-demo-2.7.1-3.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:jython-javadoc-2.7.1-3.oe2203sp4.noarch", "openEuler-24.03-LTS:jython-2.7.1-3.oe2403.noarch", "openEuler-24.03-LTS:jython-demo-2.7.1-3.oe2403.noarch", "openEuler-24.03-LTS:jython-javadoc-2.7.1-3.oe2403.noarch", "openEuler-24.03-LTS-SP1:jython-2.7.1-3.oe2403sp1.src", "openEuler-24.03-LTS-SP2:jython-2.7.1-3.oe2403sp2.src", "openEuler-20.03-LTS-SP4:jython-2.7.1-3.oe2003sp4.src", "openEuler-22.03-LTS-SP3:jython-2.7.1-3.oe2203sp3.src", "openEuler-22.03-LTS-SP4:jython-2.7.1-3.oe2203sp4.src", "openEuler-24.03-LTS:jython-2.7.1-3.oe2403.src" ], "details":"jython security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1758" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:jython-2.7.1-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:jython-demo-2.7.1-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:jython-javadoc-2.7.1-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP2:jython-2.7.1-3.oe2403sp2.noarch", "openEuler-24.03-LTS-SP2:jython-demo-2.7.1-3.oe2403sp2.noarch", "openEuler-24.03-LTS-SP2:jython-javadoc-2.7.1-3.oe2403sp2.noarch", "openEuler-20.03-LTS-SP4:jython-2.7.1-3.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:jython-demo-2.7.1-3.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:jython-javadoc-2.7.1-3.oe2003sp4.noarch", "openEuler-22.03-LTS-SP3:jython-2.7.1-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:jython-demo-2.7.1-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:jython-javadoc-2.7.1-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP4:jython-2.7.1-3.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:jython-demo-2.7.1-3.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:jython-javadoc-2.7.1-3.oe2203sp4.noarch", "openEuler-24.03-LTS:jython-2.7.1-3.oe2403.noarch", "openEuler-24.03-LTS:jython-demo-2.7.1-3.oe2403.noarch", "openEuler-24.03-LTS:jython-javadoc-2.7.1-3.oe2403.noarch", "openEuler-24.03-LTS-SP1:jython-2.7.1-3.oe2403sp1.src", "openEuler-24.03-LTS-SP2:jython-2.7.1-3.oe2403sp2.src", "openEuler-20.03-LTS-SP4:jython-2.7.1-3.oe2003sp4.src", "openEuler-22.03-LTS-SP3:jython-2.7.1-3.oe2203sp3.src", "openEuler-22.03-LTS-SP4:jython-2.7.1-3.oe2203sp4.src", "openEuler-24.03-LTS:jython-2.7.1-3.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-6069" } ] }