https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291609
Charlie Li <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|maintainer-feedback- |maintainer-feedback+ --- Comment #6 from Charlie Li <[email protected]> --- [maintainer-timeout does not get to be overridden when it was already set by a maintainer, especially when feedback was provided] CVE-2025-13836: https://github.com/python/cpython/issues/119451 Upstream outstanding pull requests (they are backported from the main one linked from the PR): 3.11: https://github.com/python/cpython/pull/142141 3.10: https://github.com/python/cpython/pull/142142 CVE-2025-12084: https://github.com/python/cpython/issues/142145 Upstream outstanding pull requests: 3.11: https://github.com/python/cpython/pull/142212 3.10: https://github.com/python/cpython/pull/142213 None of these have been committed to their respective branches. Ports will not include these fixes until upstream commits them, after which PORTREVISION bumps can happen until they cut new releases. (In reply to Torsten Zuehlsdorff from comment #3) It is ultimately up to the upstream CPython project to commit their fixes appropriately. Using stuff that upstream has not fully blessed, ie through solid commits, does not provide us and our users a good support trail. -- You are receiving this mail because: You are the assignee for the bug.
