Date: Thu, 04 Jun 2020 15:35:38 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 246984] lang/python36,37: Fix CVE-2020-8492 [PATCH] Message-ID: <bug-246984-21822@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D246984 Bug ID: 246984 Summary: lang/python36,37: Fix CVE-2020-8492 [PATCH] Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: python@FreeBSD.org Reporter: i.dani@outlook.com Flags: maintainer-feedback?(python@FreeBSD.org) Assignee: python@FreeBSD.org CVE-2020-8492 is open for quite a long time and hasen't been patched in a release except for python 3.8. This pr fixes the CVE for Python 3.6 and 3.7= and corrects/updates the wrong vuxml entries. Please also see: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html lang/python36: - Backport fix for CVE-2020-8492 - Python Bug 39503: https://bugs.python.org/issue39503 - Commit: https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b9= 3b3f3e lang/python37: - Backport fix for CVE-2020-8492 - Python Bug 39503: https://bugs.python.org/issue39503 - Commit: https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be594= 37388e security/vuxml: - Update the entry for python36 to the corrected version - Correct the entry for python37 to the correct version, 3.7.7 does NOT h= ave the fix included. See: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246984-21822>