Debian Wheel vulnerabilities

CVE-2026-24049 [HIGH] CVE-2026-24049: wheel - wheel is a command line tool for manipulating Python wheel files, as defined in ... wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process

CVE-2022-40898 [HIGH] CVE-2022-40898: wheel - An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlie... An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. Scope: local bookworm: resolved (fixed in 0.38.0-1) bullseye: open forky: resolved (fixed in 0.38.0-1) sid: resolved (fixed in 0.38.0-1) trixie: resolved (fixed in 0.38.0-1)