Date: Thu, 04 Jun 2020 15:35:38 +0000 From: bugzilla-noreply@freebsd.org To: python@FreeBSD.org Subject: [Bug 246984] lang/python36,37: Fix CVE-2020-8492 [PATCH] Message-ID: <bug-246984-21822@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246984 Bug ID: 246984 Summary: lang/python36,37: Fix CVE-2020-8492 [PATCH] Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: python@FreeBSD.org Reporter: i.dani@outlook.com Flags: maintainer-feedback?(python@FreeBSD.org) Assignee: python@FreeBSD.org CVE-2020-8492 is open for quite a long time and hasen't been patched in a release except for python 3.8. This pr fixes the CVE for Python 3.6 and 3.7 and corrects/updates the wrong vuxml entries. Please also see: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html lang/python36: - Backport fix for CVE-2020-8492 - Python Bug 39503: https://bugs.python.org/issue39503 - Commit: https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e lang/python37: - Backport fix for CVE-2020-8492 - Python Bug 39503: https://bugs.python.org/issue39503 - Commit: https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e security/vuxml: - Update the entry for python36 to the corrected version - Correct the entry for python37 to the correct version, 3.7.7 does NOT have the fix included. See: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246984-21822>