FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-12-08 21:19:55 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID / Description

e587b52d-38ac-11f0-b7b6-dcfe074bd614
cpython -- Use-after-free in "unicode_escape" decoder with error handler

cna@python.org reports:

There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.


Discovery 2025-05-15
Entry 2025-05-24

python39 < 3.9.22_1
python310 < 3.10.17_1
python311 < 3.11.12_1
python312 < 3.12.10_1

CVE-2025-4516
https://nvd.nist.gov/vuln/detail/CVE-2025-4516
613d0f9e-d477-11f0-9e85-03ddfea11990
python -- several vulnerabilities

Hugo van Kemenade reports:

Python 3.14.2 and 3.13.11 are now available [... and] come with some bonus security fixes.

  • gh-142145: Remove quadratic behavior in node ID cache clearing (CVE-2025-12084)
  • gh-119451: Fix a potential denial of service in http.client [only in 3.13; CVE-2025-13836]
  • gh-119452: Fix a potential virtual memory allocation denial of service in http.server [affects platforms without fork()]

Discovery 2024-05-23
Entry 2025-12-08

python39 >= 0
python310 >= 0
python311 >= 0
python312 >= 0
python313 >= 3.13.0, < 3.13.11
python314 >= 3.14.0, < 3.14.2

CVE-2025-12084
CVE-2025-13836
https://pythoninsider.blogspot.com/2025/12/python-3142-and-31311-are-now-available.html
https://github.com/python/cpython/issues/142145
https://github.com/python/cpython/issues/119451
https://github.com/python/cpython/issues/119452
https://docs.python.org/release/3.14.2/whatsnew/changelog.html
https://docs.python.org/release/3.13.11/whatsnew/changelog.html