[Bug 270744] security/vuxml: 20 new entries for vulnerable ports

2023-04-11 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270744

--- Comment #2 from Hubert Tournier  ---
(In reply to Dan Langille from comment #1)
Right! I was also wondering if it was the correct way to do this but assumed
going for the default Python version would do. I found examples of how to do it
properly in previous VuXML entries.
I'll be submitting a new replacement attachment in this hour.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


[Bug 270744] security/vuxml: 20 new entries for vulnerable ports

2023-04-11 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270744

Hubert Tournier  changed:

              What|Removed |Added
-----------------------------------
Attachment #241403|0       |1
       is obsolete|        |

--- Comment #3 from Hubert Tournier  ---
Created attachment 241423
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=241423&action=edit
18 corrected VuXML new entries for vulnerable ports

Fixes coverage of other Python versions, taking into account Dan Langille's
comment.

I removed the 2 py-pysaml24 vulnerabilities which should update 2 previously
reported py-pysaml2 vulnerabilities. I'll submit another patch for that later.



[Bug 267515] lang/python312: New port, repocopied from lang/python311

2023-04-11 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267515

Henrich Hartzer  changed:

What|Removed |Added
----------------------------------------
  CC|        |henrichhart...@tuta.io

--- Comment #6 from Henrich Hartzer  ---
This seems like it would be good to merge if it's ready.

-- 
You are receiving this mail because:
You are the assignee for the bug.


maintainer-feedback requested: [Bug 270767] lang/python311 backport 3.11.3 to quarterly

2023-04-11 Thread bugzilla-noreply
Bugzilla Automation  has asked freebsd-python (Nobody)
 for maintainer-feedback:
Bug 270767: lang/python311 backport 3.11.3 to quarterly
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270767



--- Description ---
I think it would be wise to backport lang/python311 to 2023Q2/quarterly. Python
patch releases are quite stable, and this one has a couple of possible security
fixes.

I believe this also applies to lang/python310.



[Bug 270767] lang/python311 backport 3.11.3 to quarterly

2023-04-11 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270767

    Bug ID: 270767
   Summary: lang/python311 backport 3.11.3 to quarterly
   Product: Ports & Packages
   Version: Latest
  Hardware: Any
        OS: Any
    Status: New
  Severity: Affects Some People
  Priority: ---
 Component: Individual Port(s)
  Assignee: python@FreeBSD.org
  Reporter: henrichhart...@tuta.io
  Assignee: python@FreeBSD.org
     Flags: maintainer-feedback?(python@FreeBSD.org)

I think it would be wise to backport lang/python311 to 2023Q2/quarterly. Python
patch releases are quite stable, and this one has a couple of possible security
fixes.

I believe this also applies to lang/python310.



[Bug 270767] lang/python311 backport 3.11.3 to quarterly

2023-04-11 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270767

Graham Perrin  changed:

    What|Removed             |Added
--------------------------------------------------------
Keywords|                    |security
Severity|Affects Some People |Affects Many People
  Status|New                 |Open
Priority|---                 |Normal
      CC|                    |grahamper...@freebsd.org



[Bug 270744] security/vuxml: 20 new entries for vulnerable ports

2023-04-11 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270744

Philip Paeps  changed:

  What|Removed |Added
---------------------------
Status|Open    |In Progress

--- Comment #4 from Philip Paeps  ---
Listing the flavours that currently exist leaves open the possibility that
someone installs a vulnerable package for a future flavour of Python -- one
that does not yet exist at the time the vulnerability is recorded.

The long-term solution would be for "pkg audit" to become aware of flavours.

For now, I think your proposed patch is good enough.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
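
The gap described in comment #4, as an added example that is not part of the bug thread, the VuXML patch or pkg itself: a simplified model of a name-based audit match. The package names, versions and `pyNN-` prefix handling are constructed for illustration, and the dotted-integer version comparison is an assumption, not pkg's own algorithm.

```python
import re

# Constructed advisory: enumerates the flavours that existed when it was written.
ADVISORY = {
    "names": ["py37-example", "py38-example", "py39-example",
              "py310-example", "py311-example"],
    "fixed_in": "2.4.1",  # constructed: versions below this are affected
}

# Constructed installed set; py312 is a flavour introduced after the advisory.
INSTALLED = [
    ("py39-example", "2.3.0"),    # listed flavour, vulnerable version
    ("py311-example", "2.4.1"),   # listed flavour, already fixed
    ("py312-example", "2.3.0"),   # future flavour, vulnerable version
    ("py312-other", "1.0"),       # unrelated package
]

FLAVOUR_PREFIX = re.compile(r"^py\d+-")

def version_key(version):
    """Simplified ordering: dotted integers only (assumption)."""
    return tuple(int(part) for part in version.split("."))

def is_affected(version, advisory):
    return version_key(version) < version_key(advisory["fixed_in"])

def audit_by_listed_names(installed, advisory):
    """Report only packages whose exact name is enumerated in the advisory."""
    listed = set(advisory["names"])
    return [name for name, ver in installed
            if name in listed and is_affected(ver, advisory)]

def audit_flavour_aware(installed, advisory):
    """Strip the pyNN- prefix on both sides and match on the base name."""
    bases = {FLAVOUR_PREFIX.sub("", n) for n in advisory["names"]}
    return [name for name, ver in installed
            if FLAVOUR_PREFIX.match(name)
            and FLAVOUR_PREFIX.sub("", name) in bases
            and is_affected(ver, advisory)]

def missed_by_enumeration(installed, advisory):
    """Vulnerable packages the enumerated list does not report."""
    seen = set(audit_by_listed_names(installed, advisory))
    return [n for n in audit_flavour_aware(installed, advisory) if n not in seen]
```

With the constructed data, the enumerated match reports only `py39-example`, while the vulnerable `py312-example` appears only in the flavour-aware result.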


[Bug 270744] security/vuxml: 20 new entries for vulnerable ports

2023-04-11 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270744

Philip Paeps  changed:

    What|Removed                |Added
---------------------------------------------------
Assignee|ports-b...@freebsd.org |phi...@freebsd.org



[Bug 270744] security/vuxml: 20 new entries for vulnerable ports

2023-04-11 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270744

--- Comment #5 from commit-h...@freebsd.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=33ab2b4a207f7a41d472f6d94259cc77d634dcb6

commit 33ab2b4a207f7a41d472f6d94259cc77d634dcb6
Author: Hubert Tournier 
AuthorDate: 2023-04-12 04:30:21 +
Commit: Philip Paeps 
CommitDate: 2023-04-12 04:32:25 +

security/vuxml: add another batch of pysec vulnerabilities

Vulnerable Python ports discovered with pysec2vuxml.
See also: .

PR: 270744

 security/vuxml/vuln/2023.xml | 590 +++
 1 file changed, 590 insertions(+)



[Bug 270744] security/vuxml: 20 new entries for vulnerable ports

2023-04-11 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270744

Philip Paeps  changed:

      What|Removed     |Added
----------------------------------
Resolution|---         |FIXED
    Status|In Progress |Closed
