[Bug 246984] lang/python* Fix CVE-2020-8492, CVE-2019-18348

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Jun 10 12:37:23 UTC 2020


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246984

--- Comment #14 from Danilo G. Baio <dbaio at freebsd.org> ---
Thanks Dani for the explanations.

Thinking of separate commits because we have an update in the middle (Python
3.6) and Python 3.5 fixes are awaiting review from Python Core. If something
happens, it will be easy to revert.

koobs@ as I know you like to organize commits, here it goes, any changes are
welcome.

-------------------------------------------------------------------------------
lang/python35: Fix security issues

There are no plans for a next release of Python 3.5.

PR:   246984
Security: ca595a25-91d8-11ea-b470-080027846a02 (CVE-2019-18348)
Security: a27b0bb6-84fc-11ea-b5b4-641c67a117d8 (CVE-2020-8492)
MFH:  2020Q2
Obtained from:  https://github.com/python/cpython/pull/19300
    https://github.com/python/cpython/pull/19305.

-------------------------------------------------------------------------------
lang/python36: Update to 3.6.10, Fix security issues

The patches for CVE-2019-18348 and CVE-2020-8492 are in the 3.6 branch
and will be present on the next release.

Patch for applying CVE-2020-8492 fix here in the ports tree was reported
and submitted by Mike Fisher <mfisher911 at gmail.com> and
Dani <i.dani at outlook.com>.

PR:   246984
Security: ca595a25-91d8-11ea-b470-080027846a02 (CVE-2019-18348)
Security: a27b0bb6-84fc-11ea-b5b4-641c67a117d8 (CVE-2020-8492)
MFH:  2020Q2

-------------------------------------------------------------------------------
lang/python37: Fix security issues

The patches for CVE-2019-18348 and CVE-2020-8492 are in the 3.7 branch
and will be present on the next release.

Patch for applying CVE-2020-8492 fix here in the ports tree was reported
and submitted by Dani <i.dani at outlook.com>.

PR:   246808
Security: ca595a25-91d8-11ea-b470-080027846a02 (CVE-2019-18348)
Security: a27b0bb6-84fc-11ea-b5b4-641c67a117d8 (CVE-2020-8492)
MFH:  2020Q2
X-MFH-with: 536776

-------------------------------------------------------------------------------

About https://github.com/python/cpython/pull/19300 and
https://github.com/python/cpython/pull/19305.

I subscribed to those PRs and will be watching for any changes.

After commits, vuxml will be updated.
