improve some python 2023 CVE version ranges

Signed-off-by: Weston Steimel <commits@weston.slmail.me>

data/anchore/2023/CVE-2023-33595.json

@@ -0,0 +1,38 @@
+{
+  "additionalMetadata": {
+    "cna": "mitre",
+    "cveId": "CVE-2023-33595",
+    "description": "CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.",
+    "reason": "Improve version ranges to indicate fix",
+    "references": [
+      "https://github.com/python/cpython/issues/103824",
+      "https://github.com/python/cpython/pull/103993/commits/c120bc2d354ca3d27d0c7a53bf65574ddaabaf3a"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://github.com",
+        "cpes": [
+          "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "python/cpython",
+        "product": "CPython",
+        "repo": "https://github.com/python/cpython",
+        "vendor": "Python Software Foundation",
+        "versions": [
+          {
+            "lessThan": "3.12.0-alpha8",
+            "status": "affected",
+            "version": "3.12.0-alpha0",
+            "versionType": "python"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2023/CVE-2023-38898.json

@@ -0,0 +1,51 @@
+{
+  "additionalMetadata": {
+    "cna": "mitre",
+    "cveId": "CVE-2023-38898",
+    "description": "An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug.",
+    "reason": "Improve version ranges to indicate fix",
+    "references": [
+      "https://github.com/python/cpython/issues/105987"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://github.com",
+        "cpes": [
+          "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "python/cpython",
+        "product": "CPython",
+        "repo": "https://github.com/python/cpython",
+        "vendor": "Python Software Foundation",
+        "versions": [
+          {
+            "lessThan": "3.13.0a1",
+            "status": "affected",
+            "version": "3.13.0a0",
+            "versionType": "python"
+          },
+          {
+            "lessThan": "3.12.0b4",
+            "status": "affected",
+            "version": "0",
+            "versionType": "python"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://github.com/python/cpython/pull/106099"
+      },
+      {
+        "url": "https://github.com/python/cpython/pull/105989"
+      }
+    ]
+  }
+}

data/anchore/2023/CVE-2023-41105.json

@@ -0,0 +1,48 @@
+{
+  "additionalMetadata": {
+    "cna": "mitre",
+    "cveId": "CVE-2023-41105",
+    "description": "An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.",
+    "reason": "Improve version ranges to indicate fix",
+    "references": [
+      "https://github.com/python/cpython/issues/106242",
+      "https://github.com/python/cpython/pull/107981",
+      "https://github.com/python/cpython/pull/107982",
+      "https://github.com/python/cpython/pull/107983",
+      "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/",
+      "https://security.netapp.com/advisory/ntap-20231006-0015/"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://github.com",
+        "cpes": [
+          "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "python/cpython",
+        "product": "CPython",
+        "repo": "https://github.com/python/cpython",
+        "vendor": "Python Software Foundation",
+        "versions": [
+          {
+            "lessThan": "3.12.0rc2",
+            "status": "affected",
+            "version": "3.12.0a1",
+            "versionType": "python"
+          },
+          {
+            "lessThan": "3.11.5",
+            "status": "affected",
+            "version": "3.11.0",
+            "versionType": "python"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}

data/anchore/2023/CVE-2023-6507.json

@@ -0,0 +1,47 @@
+{
+  "additionalMetadata": {
+    "cna": "psf",
+    "cveId": "CVE-2023-6507",
+    "description": "An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases.\n\nWhen using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list.\n\nThis issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).",
+    "reason": "Improve version ranges to indicate fix",
+    "references": [
+      "https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b",
+      "https://github.com/python/cpython/commit/85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06",
+      "https://github.com/python/cpython/commit/9fe7655c6ce0b8e9adc229daf681b6d30e6b1610",
+      "https://github.com/python/cpython/issues/112334",
+      "https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "collectionURL": "https://github.com",
+        "cpes": [
+          "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
+        ],
+        "packageName": "python/cpython",
+        "product": "CPython",
+        "repo": "https://github.com/python/cpython",
+        "vendor": "Python Software Foundation",
+        "versions": [
+          {
+            "lessThan": "3.12.1",
+            "status": "affected",
+            "version": "3.12.0",
+            "versionType": "python"
+          },
+          {
+            "lessThan": "3.13.0a3",
+            "status": "affected",
+            "version": "3.13.0a1",
+            "versionType": "python"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}