[Bug 246984] lang/python36,37: Fix CVE-2020-8492 [PATCH]
bugzilla-noreply at freebsd.org
Thu Jun 4 15:35:39 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246984
Bug ID: 246984
Summary: lang/python36,37: Fix CVE-2020-8492 [PATCH]
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: python at FreeBSD.org
Reporter: i.dani at outlook.com
Flags: maintainer-feedback?(python at FreeBSD.org)
CVE-2020-8492 has been open for quite a long time and hasn't been patched in a
release except for Python 3.8. This PR fixes the CVE for Python 3.6 and 3.7 and
corrects/updates the wrong vuxml entries.
Please also see:
https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
lang/python36:
- Backport fix for CVE-2020-8492
- Python Bug 39503: https://bugs.python.org/issue39503
- Commit:
https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e
lang/python37:
- Backport fix for CVE-2020-8492
- Python Bug 39503: https://bugs.python.org/issue39503
- Commit:
https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e
security/vuxml:
- Update the entry for python36 to the corrected version
- Correct the entry for python37 to the correct version; 3.7.7 does NOT have
the fix included. See:
https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html