FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
33c05d57-bf6e-11ea-ba1e-0800273f78d3	Python -- multiple vulnerabilities Python reports: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. Discovery 2019-10-24 Entry 2020-07-06 python37 < 3.7.8 https://docs.python.org/3.7/whatsnew/changelog.html#changelog CVE-2019-18348 CVE-2020-8492

VuXML ID

Description

33c05d57-bf6e-11ea-ba1e-0800273f78d3

Python -- multiple vulnerabilities

Python reports:

The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.

Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised.

Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.

Discovery 2019-10-24
Entry 2020-07-06
python37

< 3.7.8

https://docs.python.org/3.7/whatsnew/changelog.html#changelog
CVE-2019-18348
CVE-2020-8492