maintainer-feedback requested: [Bug 246984] lang/python36,37: Fix CVE-2020-8492 [PATCH]
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Jun 4 15:35:39 UTC 2020
Bugzilla Automation <bugzilla at FreeBSD.org> has asked freebsd-python mailing
list <python at FreeBSD.org> for maintainer-feedback:
Bug 246984: lang/python36,37: Fix CVE-2020-8492 [PATCH]
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246984
--- Description ---
CVE-2020-8492 is open for quite a long time and hasen't been patched in a
release except for python 3.8. This pr fixes the CVE for Python 3.6 and 3.7 and
corrects/updates the wrong vuxml entries.
Please also see:
https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
lang/python36:
- Backport fix for CVE-2020-8492
- Python Bug 39503: https://bugs.python.org/issue39503
- Commit:
https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f
3e
lang/python37:
- Backport fix for CVE-2020-8492
- Python Bug 39503: https://bugs.python.org/issue39503
- Commit:
https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be5943738
8e
security/vuxml:
- Update the entry for python36 to the corrected version
- Correct the entry for python37 to the correct version, 3.7.7 does NOT have
the fix included. See:
https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
More information about the freebsd-python
mailing list