Date: Thu, 04 Jun 2020 15:35:38 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: maintainer-feedback requested: [Bug 246984] lang/python36,37: Fix CVE-2020-8492 [PATCH] Message-ID: <bug-246984-21822-j4tqHLrdD4@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-246984-21822@https.bugs.freebsd.org/bugzilla/> References: <bug-246984-21822@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-python mailing list <python@FreeBSD.org> for maintainer-feedback: Bug 246984: lang/python36,37: Fix CVE-2020-8492 [PATCH] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D246984 --- Description --- CVE-2020-8492 is open for quite a long time and hasen't been patched in a release except for python 3.8. This pr fixes the CVE for Python 3.6 and 3.7= and corrects/updates the wrong vuxml entries. Please also see: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html lang/python36: - Backport fix for CVE-2020-8492 - Python Bug 39503: https://bugs.python.org/issue39503 - Commit: https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b9= 3b3f 3e lang/python37: - Backport fix for CVE-2020-8492 - Python Bug 39503: https://bugs.python.org/issue39503 - Commit: https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be594= 3738 8e security/vuxml: - Update the entry for python36 to the corrected version - Correct the entry for python37 to the correct version, 3.7.7 does NOT h= ave the fix included. See: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246984-21822-j4tqHLrdD4>