Date: Wed, 10 Jun 2020 04:18:25 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 246984] lang/python: Fix CVE-2020-8492, CVE-2019-18348 Message-ID: <bug-246984-21822-sP71eZnnwO@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-246984-21822@https.bugs.freebsd.org/bugzilla/> References: <bug-246984-21822@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D246984 --- Comment #12 from Kubilay Kocak <koobs@FreeBSD.org> --- @Dani/Danilo=20 I've closed bug 246808 (earlier issue for 3.6 update for CVE) as a dupe of = this issue as this one contains a superset of updates/changes. Can we please: - Obsolete any patches that are not relevant or superseded=20 - Understand/Assess/explain the apparent difference between the upstream co= mmit references used in bug 246808 for 3.6.10 vs this issues commit hashes for 3.6.10: < 69cdeeb93e0830004a495ed854022425b93b3f3e.patch:-p1 (this bug) < 83fc70159b24f5b11a5ef87c9b05c2cf4c7faeba.patch:-p1 (this bug) > 0f10ef077fc32b60cb07780ea7234516950d0f9e.patch:-p1 (other bug) - Summarise the update rationale, something like (but making sure its corre= ct, because its not obvious at the moment), the following: 3.5: backport 3.<x> commits (no releases anticipated for this version) 3.6: update to 3.6.10 (covers all outstanding CVE's) 3.7: backport 3.7 patches (3.7.8 not yet released? wont be released?) 3.8 not vulnerable --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246984-21822-sP71eZnnwO>