Date: Wed, 10 Jun 2020 12:37:22 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 246984] lang/python* Fix CVE-2020-8492, CVE-2019-18348 Message-ID: <bug-246984-21822-CDxXsskvpy@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-246984-21822@https.bugs.freebsd.org/bugzilla/> References: <bug-246984-21822@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D246984 --- Comment #14 from Danilo G. Baio <dbaio@freebsd.org> --- Thanks Dani for the explanations. Thinking in separate commits because we have an update in the middle (Python 3.6) and Python 3.5 fixes are awaiting review from Python Core. If something happens, it will be easy to revert. koobs@ as I know you like to organize commits, here it goes, any changes are welcome. ---------------------------------------------------------------------------= ---- lang/python35: Fix security issues There are no plans for a next release of Python 3.5. PR: 246984 Security: ca595a25-91d8-11ea-b470-080027846a02 (CVE-2019-18348) Security: a27b0bb6-84fc-11ea-b5b4-641c67a117d8 (CVE-2020-8492) MFH: 2020Q2 Obtained from: https://github.com/python/cpython/pull/19300 https://github.com/python/cpython/pull/19305. ---------------------------------------------------------------------------= ---- lang/python36: Update to 3.6.10, Fix security issues The patches for CVE-2019-18348 and CVE-2020-8492 are in the 3.6 branch and will be present on the next release. Patch for applying CVE-2020-8492 fix here in the ports tree was reported and submitted by Mike Fisher <mfisher911@gmail.com> and Dani <i.dani@outlook.com>. PR: 246984 Security: ca595a25-91d8-11ea-b470-080027846a02 (CVE-2019-18348) Security: a27b0bb6-84fc-11ea-b5b4-641c67a117d8 (CVE-2020-8492) MFH: 2020Q2 ---------------------------------------------------------------------------= ---- lang/python37: Fix security issues The patches for CVE-2019-18348 and CVE-2020-8492 are in the 3.7 branch and will be present on the next release. Patch for applying CVE-2020-8492 fix here in the ports tree was reported and submitted by Dani <i.dani@outlook.com>. PR: 246808 Security: ca595a25-91d8-11ea-b470-080027846a02 (CVE-2019-18348) Security: a27b0bb6-84fc-11ea-b5b4-641c67a117d8 (CVE-2020-8492) MFH: 2020Q2 X-MFH-with: 536776 ---------------------------------------------------------------------------= ---- About https://github.com/python/cpython/pull/19300 and https://github.com/python/cpython/pull/19305. I subscribed on those PRs and will be watching for any changes. After commits, vuxml will be updated. --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246984-21822-CDxXsskvpy>