FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3fcb70a4-e22d-11ea-98b2-080027846a02Python -- multiple vulnerabilities

Python reports:

bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523).

bpo-41004: CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).

bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(...).


Discovery 2020-06-17
Entry 2020-08-19
python37
< 3.7.9

python36
< 3.6.12

https://docs.python.org/release/3.7.9/whatsnew/changelog.html#changelog
https://docs.python.org/release/3.6.12/whatsnew/changelog.html#changelog
CVE-2020-14422
CVE-2020-15523
0e561173-0fa9-11ec-a2fa-080027948c12Python -- multiple vulnerabilities

Python reports:

bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and macOS.

bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.


Discovery 2021-08-30
Entry 2021-09-07
python36
< 3.6.15

python37
< 3.7.12

https://docs.python.org/3.6/whatsnew/changelog.html#changelog
https://docs.python.org/3.7/whatsnew/changelog.html#changelog