[Bug 246984] lang/python: Fix CVE-2020-8492, CVE-2019-18348
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jun 10 04:18:25 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246984
--- Comment #12 from Kubilay Kocak <koobs at FreeBSD.org> ---
@Dani/Danilo
I've closed bug 246808 (earlier issue for 3.6 update for CVE) as a dupe of this
issue as this one contains a superset of updates/changes.
Can we please:
- Obsolete any patches that are not relevant or superseded
- Understand/Assess/explain the apparent difference between the upstream commit
references used in bug 246808 for 3.6.10 vs this issues commit hashes for
3.6.10:
< 69cdeeb93e0830004a495ed854022425b93b3f3e.patch:-p1 (this bug)
< 83fc70159b24f5b11a5ef87c9b05c2cf4c7faeba.patch:-p1 (this bug)
> 0f10ef077fc32b60cb07780ea7234516950d0f9e.patch:-p1 (other bug)
- Summarise the update rationale, something like (but making sure its correct,
because its not obvious at the moment), the following:
3.5: backport 3.<x> commits (no releases anticipated for this version)
3.6: update to 3.6.10 (covers all outstanding CVE's)
3.7: backport 3.7 patches (3.7.8 not yet released? wont be released?)
3.8 not vulnerable
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
More information about the freebsd-python
mailing list