Debian Bzr vulnerabilities
2 known vulnerabilities affecting debian/bzr.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, LOW 1
Vulnerabilities
CVE-2017-14176 | CRITICAL | CVSS 9.8 | fixed in breezy 3.0.0~bzr6772-1 (bookworm) | 2017
CVE-2017-14176 [CRITICAL] CVE-2017-14176: breezy - Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to ex...
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
Scope: local
bookworm: resolved (fixed in 3.0.0~bzr6772-1)
bullseye: res
debian
CVE-2013-2099 | LOW | CVSS 4.3 | fixed in bzr 2.6.0~bzr6574-1 (bookworm) | 2013
CVE-2013-2099 [MEDIUM] CVE-2013-2099: bzr - Algorithmic complexity vulnerability in the ssl.match_hostname function in Pytho...
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
Scope: local
bookworm:
debian