Date: Fri, 19 Jun 2026 04:16:25 +0000 From: Charlie Li <vishwin@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: d77fc69a2681 - main - security/vuxml: update python entries with upstream commits Message-ID: <6a34c299.1a343.1efc90ea@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by vishwin: URL: https://cgit.FreeBSD.org/ports/commit/?id=d77fc69a26811a798238eeb429e7103556a709db commit d77fc69a26811a798238eeb429e7103556a709db Author: Charlie Li <vishwin@FreeBSD.org> AuthorDate: 2026-06-19 04:12:09 +0000 Commit: Charlie Li <vishwin@FreeBSD.org> CommitDate: 2026-06-19 04:16:15 +0000 security/vuxml: update python entries with upstream commits Event: BSDCan 2026 --- security/vuxml/vuln/2026.xml | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 710ab33006a4..a4b7d553d203 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -8251,10 +8251,11 @@ affected.</p> <vuln vid="cf75f572-378a-11f1-a119-e36228bfe7d4"> <topic>python -- more webbrowser.open() command injection vulnerabilities</topic> <affects> - <package><name>python310</name><range><ge>0</ge></range></package> - <package><name>python311</name><range><ge>0</ge></range></package> + <package><name>python310</name><range><lt>3.10.20_4</lt></range></package> + <package><name>python311</name><range><lt>3.11.15_4</lt></range></package> <package><name>python312</name><range><ge>0</ge></range></package> - <package><name>python313</name><range><ge>0</ge></range></package> + <package><name>python313</name><range><lt>3.13.14</lt></range></package> + <package><name>python313t</name><range><lt>3.13.14</lt></range></package> <package><name>python314</name><range><lt>3.14.4_2</lt></range></package> </affects> <description> @@ -8280,16 +8281,18 @@ affected.</p> <dates> <discovery>2026-04-06</discovery> <entry>2026-04-13</entry> + <modified>2026-06-19</modified> </dates> </vuln> <vuln vid="b8e9f33c-375d-11f1-a119-e36228bfe7d4"> <topic>Python -- use-after-free vulnerability in decompressors under memory pressure</topic> <affects> - <package><name>python310</name><range><ge>0</ge></range></package> - <package><name>python311</name><range><ge>0</ge></range></package> + <package><name>python310</name><range><lt>3.10.20_3</lt></range></package> + <package><name>python311</name><range><lt>3.11.15_3</lt></range></package> <package><name>python312</name><range><ge>0</ge></range></package> - <package><name>python313</name><range><ge>0</ge></range></package> + <package><name>python313</name><range><lt>3.13.14</lt></range></package> + <package><name>python313t</name><range><lt>3.13.14</lt></range></package> <package><name>python314</name><range><lt>3.14.4_1</lt></range></package> </affects> <description> @@ -8321,6 +8324,7 @@ affected.</p> <dates> <discovery>2026-04-11</discovery> <entry>2026-04-13</entry> + <modified>2026-06-19</modified> </dates> </vuln> @@ -8356,8 +8360,9 @@ affected.</p> <affects> <package><name>python310</name><range><ge>0</ge></range></package> <package><name>python311</name><range><ge>0</ge></range></package> - <package><name>python312</name><range><ge>0</ge></range></package> - <package><name>python313</name><range><ge>0</ge></range></package> + <package><name>python312</name><range><lt>3.12.13_3</lt></range></package> + <package><name>python313</name><range><lt>3.13.14</lt></range></package> + <package><name>python313t</name><range><lt>3.13.14</lt></range></package> <package><name>python314</name><range><lt>3.14.4</lt></range></package> </affects> <description> @@ -8375,6 +8380,7 @@ affected.</p> <dates> <discovery>2026-03-20</discovery> <entry>2026-04-12</entry> + <modified>2026-06-19</modified> </dates> </vuln> @@ -8384,7 +8390,8 @@ affected.</p> <package><name>python310</name><range><ge>0</ge></range></package> <package><name>python311</name><range><ge>0</ge></range></package> <package><name>python312</name><range><ge>0</ge></range></package> - <package><name>python313</name><range><ge>0</ge></range></package> + <package><name>python313</name><range><lt>3.13.14</lt></range></package> + <package><name>python313t</name><range><lt>3.13.14</lt></range></package> <package><name>python314</name><range><lt>3.14.4</lt></range></package> </affects> <description> @@ -8401,6 +8408,7 @@ affected.</p> <dates> <discovery>2026-03-23</discovery> <entry>2026-04-12</entry> + <modified>2026-06-19</modified> </dates> </vuln>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a34c299.1a343.1efc90ea>
