Date: Fri, 17 Apr 2026 09:04:07 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 294486] lang/python314: needs fix for CVE-2026-6100 use-after-free in decompressors when reusing instances after MemoryError Message-ID: <bug-294486-21822-ZB1BucoqOp@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-294486-21822@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294486 --- Comment #4 from Matthias Andree <mandree@FreeBSD.org> --- The branch main has been updated by diizzy: URL: https://cgit.FreeBSD.org/ports/commit/?id=22584e71f43f5a2b074284c2122eda58440080fa commit 22584e71f43f5a2b074284c2122eda58440080fa Author: Matthias Andree <mandree@FreeBSD.org> AuthorDate: 2026-04-13 17:33:16 +0000 Commit: Daniel Engberg <diizzy@FreeBSD.org> CommitDate: 2026-04-16 21:38:32 +0000 security/vuxml: Add entry for Python CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor and gzip.GzipFile Obtained from: GitHub repo Security: b8e9f33c-375d-11f1-a119-e36228bfe7d4 CVE-2026-6100 --- security/vuxml/vuln/2026.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) -- You are receiving this mail because: You are on the CC list for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-294486-21822-ZB1BucoqOp>