From e527bed80c91c0382a44759493d7c605d7774a60 Mon Sep 17 00:00:00 2001
From: Valentin Lorentz
Date: Fri, 16 Jan 2026 10:21:41 +0100
Subject: [PATCH 1/3] PYSEC-2023-72: Fix conflicting statements that some versions both introduce and fix it

My guess is this inconsistency comes from https://nvd.nist.gov/vuln/detail/cve-2023-32007 claiming 'up to version 3.1.3' even though this is the last version before version 3.2.0, which is also vulnerable
---
 vulns/pyspark/PYSEC-2023-72.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/vulns/pyspark/PYSEC-2023-72.yaml b/vulns/pyspark/PYSEC-2023-72.yaml
index e3fc10593..d28de278a 100644
--- a/vulns/pyspark/PYSEC-2023-72.yaml
+++ b/vulns/pyspark/PYSEC-2023-72.yaml
@@ -16,11 +16,7 @@ affected:
 - type: ECOSYSTEM
 events:
 - introduced: "0"
- - fixed: 3.1.1
- - introduced: 3.2.0
 - fixed: 3.2.2
- - introduced: 3.1.1
- - fixed: 3.2.0
 versions:
 - 2.1.1
 - 2.1.2

From e4de0018911659c2b0c6df286e0c280c1ef1f50b Mon Sep 17 00:00:00 2001
From: Valentin Lorentz
Date: Fri, 16 Jan 2026 10:26:35 +0100
Subject: [PATCH 2/3] PYSEC-2022-236: Fix similar conflict

---
 vulns/pyspark/PYSEC-2022-236.yaml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/vulns/pyspark/PYSEC-2022-236.yaml b/vulns/pyspark/PYSEC-2022-236.yaml
index 43de8b7a2..4ab5bbedd 100644
--- a/vulns/pyspark/PYSEC-2022-236.yaml
+++ b/vulns/pyspark/PYSEC-2022-236.yaml
@@ -17,11 +17,9 @@ affected:
 - type: ECOSYSTEM
 events:
 - introduced: "0"
- - fixed: 3.1.1
+ - fixed: 3.1.3
 - introduced: 3.2.0
 - fixed: 3.2.2
- - introduced: 3.1.1
- - fixed: 3.1.3
 versions:
 - 2.1.1
 - 2.1.2

From a46abd7f4f1229aa88c95e8d71cd6315fb15ac44 Mon Sep 17 00:00:00 2001
From: Valentin Lorentz
Date: Fri, 16 Jan 2026 10:29:51 +0100
Subject: [PATCH 3/3] PYSEC-2022-42972: Fix conflicting version statements according to description

---
 vulns/apache-iotdb/PYSEC-2022-42972.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
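Review bot: In the PYSEC-2022-236 hunk the 3.1 line is now closed by `- fixed: 3.1.3`, while PATCH 1/3 in the same series collapses PYSEC-2023-72 to a single `introduced: "0"` / `fixed: 3.2.2` range, so pyspark 3.1.3 is recorded as fixed in one advisory and affected in the other. If the two advisories really differ on 3.1.3 that is fine, but the only rationale on record is the PATCH 1/3 message's reading of the NVD entry, so this commit's description should name the source that gives 3.1.3 as the fix version for PYSEC-2022-236. The `versions` list continues past the hunk; since the union of the old ranges already equalled [0, 3.1.3) plus [3.2.0, 3.2.2), the enumerated versions should not need changes, but it is worth confirming that 3.1.1 and 3.1.2 stay listed and 3.1.3 does not appear.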
diff --git a/vulns/apache-iotdb/PYSEC-2022-42972.yaml b/vulns/apache-iotdb/PYSEC-2022-42972.yaml
index b1e6f4e79..e23fdfbdc 100644
--- a/vulns/apache-iotdb/PYSEC-2022-42972.yaml
+++ b/vulns/apache-iotdb/PYSEC-2022-42972.yaml
@@ -11,16 +11,17 @@ affected:
 ranges:
 - type: ECOSYSTEM
 events:
- - introduced: 0.13.0
- - fixed: 0.14.0rc1
 - introduced: 0.12.2
- - fixed: 0.13.0
+ - fixed: 0.13.3
 versions:
 - 0.12.2
 - 0.12.3
 - 0.12.4
 - 0.12.5
 - 0.12.6
+ - 0.13.0
+ - 0.13.1
+ - 0.13.2
 references:
 - type: ARTICLE
 url: https://lists.apache.org/thread/9pgpb82p5brooy41n8l5q0y9h33db2zn
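Review bot: Dropping `- fixed: 0.14.0rc1` together with the old 0.13.0 range means every release from 0.13.3 up to the 0.14 line is now implicitly unaffected, and the advisory description the subject line appeals to is outside the hunk, so a reviewer cannot check that 0.13.3 is the published fix rather than an inferred bound. The new `- fixed: 0.13.3` event and the enumerated `versions` (0.12.2 through 0.12.6, 0.13.0 through 0.13.2) are consistent with each other, which is the right shape for this record. Quoting the affected-version sentence from the description in the commit message would make that derivation verifiable from the patch alone.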