FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a57472ba-4d84-11ee-bf05-000c29de725bPython -- multiple vulnerabilities

Python reports:

gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data.


Discovery 2023-08-22
Entry 2023-09-07
python38
< 3.8.18

python39
< 3.9.18

python310
< 3.10.13

python311
< 3.11.5

CVE-2023-40217
https://pythoninsider.blogspot.com/2023/08/python-3115-31013-3918-and-3818-is-now.html
d86becfe-05a4-11ee-9d4a-080027eda32cPython -- multiple vulnerabilities

Python reports:

gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727).

gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329.

gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.

gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.

gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True.

gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open().

gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory.

gh-102126: Fixed a deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock.

gh-100892: Fixed a crash due to a race while iterating over thread states in clearing threading.local.


Discovery 2022-06-08
Entry 2023-06-08
python37
< 3.7.17

python38
< 3.8.17

python39
< 3.9.17

python310
< 3.10.12

python311
< 3.11.4

CVE-2022-4303
CVE-2023-2650
CVE-2023-0286
CVE-2023-0464
CVE-2023-0465
CVE-2023-0466
CVE-2023-24329
https://pythoninsider.blogspot.com/2023/06/python-3114-31012-3917-3817-3717-and.html