FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-16 08:18:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
0fe70bcd-2ce3-46c9-a64b-4a7da097db07	python -- possible integer overflow vulnerability Python issue: There is a possible integer overflow in PyString_DecodeEscape function of the file stringobject.c, which can be abused to gain a heap overflow, possibly leading to arbitrary code execution. Discovery 2017-06-03 Entry 2018-02-11 python34 < 3.4.8 python35 < 3.5.5 https://bugs.python.org/issue30657 https://docs.python.org/3.4/whatsnew/changelog.html https://docs.python.org/3.5/whatsnew/changelog.html CVE-2017-1000158
8d5368ef-40fe-11e6-b2ec-b499baebfeaf	Python -- smtplib StartTLS stripping vulnerability Red Hat reports: A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end (smtp server) is capable of negotiating starttls but fails to respond with 220 (ok) to an explicit call of SMTP.starttls(). This may allow a malicious MITM to perform a startTLS stripping attack if the client code does not explicitly check the response code for startTLS. Discovery 2016-06-14 Entry 2016-07-03 python27 < 2.7.12 python33 > 0 python34 < 3.4.5 python35 < 3.5.2 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0772 CVE-2016-0772

VuXML ID

Description

0fe70bcd-2ce3-46c9-a64b-4a7da097db07

python -- possible integer overflow vulnerability

Python issue:

There is a possible integer overflow in PyString_DecodeEscape function of the file stringobject.c, which can be abused to gain a heap overflow, possibly leading to arbitrary code execution.

Discovery 2017-06-03
Entry 2018-02-11
python34

< 3.4.8

python35

< 3.5.5

https://bugs.python.org/issue30657
https://docs.python.org/3.4/whatsnew/changelog.html
https://docs.python.org/3.5/whatsnew/changelog.html
CVE-2017-1000158

8d5368ef-40fe-11e6-b2ec-b499baebfeaf

Python -- smtplib StartTLS stripping vulnerability

Red Hat reports:

A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end (smtp server) is capable of negotiating starttls but fails to respond with 220 (ok) to an explicit call of SMTP.starttls(). This may allow a malicious MITM to perform a startTLS stripping attack if the client code does not explicitly check the response code for startTLS.

Discovery 2016-06-14
Entry 2016-07-03
python27

< 2.7.12

python33

> 0

python34

< 3.4.5

python35

< 3.5.2

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0772
CVE-2016-0772