FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-10-23 17:04:23 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a57472ba-4d84-11ee-bf05-000c29de725bPython -- multiple vulnerabilities

Python reports:

gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data.


Discovery 2023-08-22
Entry 2023-09-07
python38
< 3.8.18

python39
< 3.9.18

python310
< 3.10.13

python311
< 3.11.5

CVE-2023-40217
https://pythoninsider.blogspot.com/2023/08/python-3115-31013-3918-and-3818-is-now.html
e587b52d-38ac-11f0-b7b6-dcfe074bd614cpython -- Use-after-free in "unicode_escape" decoder with error handler

cna@python.org reports:

There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.


Discovery 2025-05-15
Entry 2025-05-24
python39
< 3.9.22_1

python310
< 3.10.17_1

python311
< 3.11.12_1

python312
< 3.12.10_1

CVE-2025-4516
https://nvd.nist.gov/vuln/detail/CVE-2025-4516