FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-06-06 18:03:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e587b52d-38ac-11f0-b7b6-dcfe074bd614	cpython -- Use-after-free in "unicode_escape" decoder with error handler cna@python.org reports: There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore\|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError. Discovery 2025-05-15 Entry 2025-05-24 python39 < 3.9.22_1 python310 < 3.10.17_1 python311 < 3.11.12_1 python312 < 3.12.10_1 CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516
a57472ba-4d84-11ee-bf05-000c29de725b	Python -- multiple vulnerabilities Python reports: gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Discovery 2023-08-22 Entry 2023-09-07 python38 < 3.8.18 python39 < 3.9.18 python310 < 3.10.13 python311 < 3.11.5 CVE-2023-40217 https://pythoninsider.blogspot.com/2023/08/python-3115-31013-3918-and-3818-is-now.html

VuXML ID

Description

e587b52d-38ac-11f0-b7b6-dcfe074bd614

cpython -- Use-after-free in "unicode_escape" decoder with error handler

cna@python.org reports:

There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.

Discovery 2025-05-15
Entry 2025-05-24
python39

< 3.9.22_1

python310

< 3.10.17_1

python311

< 3.11.12_1

python312

< 3.12.10_1

CVE-2025-4516
https://nvd.nist.gov/vuln/detail/CVE-2025-4516

a57472ba-4d84-11ee-bf05-000c29de725b

Python -- multiple vulnerabilities

Python reports:

gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data.

Discovery 2023-08-22
Entry 2023-09-07
python38

< 3.8.18

python39

< 3.9.18

python310

< 3.10.13

python311

< 3.11.5

CVE-2023-40217
https://pythoninsider.blogspot.com/2023/08/python-3115-31013-3918-and-3818-is-now.html