Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 19 Jun 2026 04:16:25 +0000
From:      Charlie Li <vishwin@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: d77fc69a2681 - main - security/vuxml: update python entries with upstream commits
Message-ID:  <6a34c299.1a343.1efc90ea@gitrepo.freebsd.org>

index | next in thread | raw e-mail

The branch main has been updated by vishwin:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d77fc69a26811a798238eeb429e7103556a709db

commit d77fc69a26811a798238eeb429e7103556a709db
Author:     Charlie Li <vishwin@FreeBSD.org>
AuthorDate: 2026-06-19 04:12:09 +0000
Commit:     Charlie Li <vishwin@FreeBSD.org>
CommitDate: 2026-06-19 04:16:15 +0000

    security/vuxml: update python entries with upstream commits
    
    Event: BSDCan 2026
---
 security/vuxml/vuln/2026.xml | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 710ab33006a4..a4b7d553d203 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -8251,10 +8251,11 @@ affected.</p>
   <vuln vid="cf75f572-378a-11f1-a119-e36228bfe7d4">
     <topic>python -- more webbrowser.open() command injection vulnerabilities</topic>
     <affects>
-      <package><name>python310</name><range><ge>0</ge></range></package>
-      <package><name>python311</name><range><ge>0</ge></range></package>
+      <package><name>python310</name><range><lt>3.10.20_4</lt></range></package>
+      <package><name>python311</name><range><lt>3.11.15_4</lt></range></package>
       <package><name>python312</name><range><ge>0</ge></range></package>
-      <package><name>python313</name><range><ge>0</ge></range></package>
+      <package><name>python313</name><range><lt>3.13.14</lt></range></package>
+      <package><name>python313t</name><range><lt>3.13.14</lt></range></package>
       <package><name>python314</name><range><lt>3.14.4_2</lt></range></package>
     </affects>
     <description>
@@ -8280,16 +8281,18 @@ affected.</p>
     <dates>
       <discovery>2026-04-06</discovery>
       <entry>2026-04-13</entry>
+      <modified>2026-06-19</modified>
     </dates>
   </vuln>
 
   <vuln vid="b8e9f33c-375d-11f1-a119-e36228bfe7d4">
     <topic>Python -- use-after-free vulnerability in decompressors under memory pressure</topic>
     <affects>
-      <package><name>python310</name><range><ge>0</ge></range></package>
-      <package><name>python311</name><range><ge>0</ge></range></package>
+      <package><name>python310</name><range><lt>3.10.20_3</lt></range></package>
+      <package><name>python311</name><range><lt>3.11.15_3</lt></range></package>
       <package><name>python312</name><range><ge>0</ge></range></package>
-      <package><name>python313</name><range><ge>0</ge></range></package>
+      <package><name>python313</name><range><lt>3.13.14</lt></range></package>
+      <package><name>python313t</name><range><lt>3.13.14</lt></range></package>
       <package><name>python314</name><range><lt>3.14.4_1</lt></range></package>
     </affects>
     <description>
@@ -8321,6 +8324,7 @@ affected.</p>
     <dates>
       <discovery>2026-04-11</discovery>
       <entry>2026-04-13</entry>
+      <modified>2026-06-19</modified>
     </dates>
   </vuln>
 
@@ -8356,8 +8360,9 @@ affected.</p>
     <affects>
       <package><name>python310</name><range><ge>0</ge></range></package>
       <package><name>python311</name><range><ge>0</ge></range></package>
-      <package><name>python312</name><range><ge>0</ge></range></package>
-      <package><name>python313</name><range><ge>0</ge></range></package>
+      <package><name>python312</name><range><lt>3.12.13_3</lt></range></package>
+      <package><name>python313</name><range><lt>3.13.14</lt></range></package>
+      <package><name>python313t</name><range><lt>3.13.14</lt></range></package>
       <package><name>python314</name><range><lt>3.14.4</lt></range></package>
     </affects>
     <description>
@@ -8375,6 +8380,7 @@ affected.</p>
     <dates>
       <discovery>2026-03-20</discovery>
       <entry>2026-04-12</entry>
+      <modified>2026-06-19</modified>
     </dates>
    </vuln>
 
@@ -8384,7 +8390,8 @@ affected.</p>
       <package><name>python310</name><range><ge>0</ge></range></package>
       <package><name>python311</name><range><ge>0</ge></range></package>
       <package><name>python312</name><range><ge>0</ge></range></package>
-      <package><name>python313</name><range><ge>0</ge></range></package>
+      <package><name>python313</name><range><lt>3.13.14</lt></range></package>
+      <package><name>python313t</name><range><lt>3.13.14</lt></range></package>
       <package><name>python314</name><range><lt>3.14.4</lt></range></package>
     </affects>
     <description>
@@ -8401,6 +8408,7 @@ affected.</p>
     <dates>
       <discovery>2026-03-23</discovery>
       <entry>2026-04-12</entry>
+      <modified>2026-06-19</modified>
     </dates>
   </vuln>
 


home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a34c299.1a343.1efc90ea>