Bugzilla Automation <bugzi...@freebsd.org> has asked freebsd-python mailing list <pyt...@freebsd.org> for maintainer-feedback: Bug 246984: lang/python36,37: Fix CVE-2020-8492 [PATCH] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246984
--- Description --- CVE-2020-8492 is open for quite a long time and hasen't been patched in a release except for python 3.8. This pr fixes the CVE for Python 3.6 and 3.7 and corrects/updates the wrong vuxml entries. Please also see: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html lang/python36: - Backport fix for CVE-2020-8492 - Python Bug 39503: https://bugs.python.org/issue39503 - Commit: https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f 3e lang/python37: - Backport fix for CVE-2020-8492 - Python Bug 39503: https://bugs.python.org/issue39503 - Commit: https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be5943738 8e security/vuxml: - Update the entry for python36 to the corrected version - Correct the entry for python37 to the correct version, 3.7.7 does NOT have the fix included. See: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html _______________________________________________ freebsd-python@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-python To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"
