Date: Sat, 11 Apr 2026 10:21:07 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 294246] lang/python3: Missing security update Message-ID: <bug-294246-21822-fuqW6zO8wB@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-294246-21822@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294246 Matthias Andree <mandree@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.freebsd.org/bu | |gzilla/show_bug.cgi?id=2943 | |24 CC| |core@FreeBSD.org, | |mandree@FreeBSD.org --- Comment #13 from Matthias Andree <mandree@FreeBSD.org> --- (In reply to Herbert J. Skuhra from comment #10) Because I added python314 even before the python@ members got python313 into the tree and I am not handing it over to the team. Everyone feel free though to Cc: me on Python PRs that also apply to 3.14. As to the matter, we don't need cherry picks, we can update/MFH(2026Q2) 3.14 to 3.14.4 instead. The 3.14.4 update contains the fix for leading dashes in webbrowser.open(), so the two cherry-picks to fix these are not needed there. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294324 has (1) a 3.14.4 security update (sent by me as the maintainer), and two post-3.14.4 cherry-picked security fixes for: (2) gh-146211: Reject CR/LF in HTTP tunnel request headers (3) gh-146333: Fix quadratic regex backtracking in configparser Which probably want investigation/backport to older Python releases. The PR 294324 (link above) also contains VuXML updates. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-294246-21822-fuqW6zO8wB>