From nobody Mon May 4 23:38:15 2026 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4g8dPT4xH4z6ckQW for ; Mon, 04 May 2026 23:38:21 +0000 (UTC) (envelope-from thronobulax@gmail.com) Received: from mail-qk1-x72a.google.com (mail-qk1-x72a.google.com [IPv6:2607:f8b0:4864:20::72a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4g8dPS5x9Dz40BN for ; Mon, 04 May 2026 23:38:20 +0000 (UTC) (envelope-from thronobulax@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20251104 header.b="K4P4eMd/"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of thronobulax@gmail.com designates 2607:f8b0:4864:20::72a as permitted sender) smtp.mailfrom=thronobulax@gmail.com Received: by mail-qk1-x72a.google.com with SMTP id af79cd13be357-8d65f4073bfso639851485a.3 for ; Mon, 04 May 2026 16:38:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777937899; x=1778542699; darn=freebsd.org; h=content-transfer-encoding:in-reply-to:content-language:references :to:from:subject:user-agent:mime-version:date:message-id:from:to:cc :subject:date:message-id:reply-to; bh=otbUWEJ6pbNxC7RV5jnhKQtpB8Y+IC4DukxPe6+ItOA=; b=K4P4eMd/SVOcZukFDJZ2xbmCKHK7VNEVCkNC535/NUpwP/A5ZgpdJ12rAUncygsmZO z2HclVBGrwyQb+JrlAnN6hMVRt4K3TpXR6pGbtxSXfZFQoIOXl3UaO7GANpPkLvDxszz ZZIpc01ynqg20O7Ky43ao8Hg6r/JOfPH/CqXWjLma/Inlw45PXBEYOEvFZFbr82r66in QNMnTPecirxcyrX64Fw5mynpzwaPNdBH2FtbkaBq7tHsY/jGQMtgVe5cdVAk1RSw+MZj m76DsYzNRWRT+ImqB2YfDQqJ4GOdLNU8/qiYAoSMFNUv+w9DD2xi/AQIUGWGQ9vwhY+s b22Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777937899; x=1778542699; h=content-transfer-encoding:in-reply-to:content-language:references :to:from:subject:user-agent:mime-version:date:message-id:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=otbUWEJ6pbNxC7RV5jnhKQtpB8Y+IC4DukxPe6+ItOA=; b=XIPW+/zzfv3tDzoscRjaAnts5NTdHStiTgm3g/hizX+Fn76Kl2QKK5lrL6Nqvsw1xo xQ4Nm9yN9YvQ3XlQHykI+FOQL2HneGN+na6agq9kj7kaMd7bvjABOY8HvaN0Tca9Qnu2 KVA383RTsPES6CmddpIfZI3Yo5fI+HAj+cft1thJ3DnY79iCYLm7lzZ9tDS9drTQyRj0 JLBnmILIHH9QiYsOrLOVUjRB3bC7phgEICF9cGu6PfjmSGS5ChgYXMPbvxwaVRLySoPx qmetOX33iyJg0TPU2ISnlPsnZcK/n8UOCoNT+Ce+no98EzQZESqsq58HNPELe9r4nRrR UBGQ== X-Gm-Message-State: AOJu0YxTX99wuHFkpHYNmQb2kRVHo2J71FiLI2nSUJ+VkJ3hJ867eJ+R 6Ac1vbQ5S2Pym8DbLRgIxRx6CqOyYdyIb6hFezeAdXJ843ZBw3xTGNaZmxB+6A== X-Gm-Gg: AeBDieve/vdkdttAC+tFucamNGmLjQSQLbitcEjSat/M3Pfp6ZvPoTwcaW+4WJTif4S fAcYH23HBVSjrAcs3Byaj9HK+YGdd4LFKvy/CvuNZpllacMUdZOrHX8R4msEFa+kT9cclIYwzrQ VhQ/SCRvo0MA60Y8R1M9eqMnuqVaUXeLyFrUdI+hF62RNd9j2PhDwG2RfWjFsWbWq/6+Kz0J9o7 C04zktQ07xEsHJsaEmZokevc93jercllDX5ssoGHQO5rOeI4vZPY9313mvRmm894h+fgAWJGVO9 m0xYU35DyU56pIwY1wE2mcEZHS2e9CDXr/N1wHYbirFdbyB1fkXQBrokKJQrd5JBaV0fn7rnmol RmXhojDfrOYit7TaV0wgkQoyDUgY5YbaH3zMnFyEoCSTHn5HhPLT7J/SXvU7EoF5ljVwIeBxX5d Eyah9mMgAUeaS3ZEy3OLtbEPpy9se4vsTxZ0tkXeua8+rZtCMBGOAFxHA= X-Received: by 2002:a05:620a:25c6:b0:8f0:5e11:d1f2 with SMTP id af79cd13be357-902e49e9fbbmr172783585a.17.1777937898922; Mon, 04 May 2026 16:38:18 -0700 (PDT) Received: from [192.168.0.2] (ozzie.tundraware.com. [75.145.138.73]) by smtp.gmail.com with ESMTPSA id af79cd13be357-8fc2c349572sm1210138885a.28.2026.05.04.16.38.16 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 04 May 2026 16:38:17 -0700 (PDT) Message-ID: Date: Mon, 4 May 2026 18:38:15 -0500 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Python 3.11 Open CVE Resolution? From: Tim Daneliuk To: FreeBSD Mailing List References: <922c5133-a4bc-4752-aaad-6b569a354745@gmail.com> <6501d762-db9b-4979-a53f-b57ef848f1ec@gmail.com> Content-Language: en-US In-Reply-To: <6501d762-db9b-4979-a53f-b57ef848f1ec@gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Result: default: False [-3.00 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.998]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4864::/56:c]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20251104]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; TO_DN_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_FROM(0.00)[gmail.com]; RCPT_COUNT_ONE(0.00)[1]; FREEMAIL_ENVFROM(0.00)[gmail.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::72a:from] X-Spamd-Bar: -- X-Rspamd-Queue-Id: 4g8dPS5x9Dz40BN On 5/4/26 16:34, Tim Daneliuk wrote: > On 5/4/26 12:17, Michael Sierchio wrote: >> On Mon, May 4, 2026 at 1:02 PM Tim Daneliuk wrote: >>> >>> A lot of port upgrades are failing because of open CVEs on Python 3.11 on 13.5-STABLE. >>> >>> Do we have a likely ETA for resolution?  I prefer not to disable vulnerability checking. >> >> By resolution do you mean availability of a point release for Python, >> such as 3.11.15? >> > > Yes.  This has not appeared in ports yet so far as I know. I should correct this. 3.11.15 is in the ports, but the current .2 subversion is still shown vulnerabilities. This is preventing all manner of other ports updates.