248751 – security/vuxml: CVE-2019-20907, CVE-2020-14422: Python VuXML updates

Bug 248751 - security/vuxml: CVE-2019-20907, CVE-2020-14422: Python VuXML updates

Summary: security/vuxml: CVE-2019-20907, CVE-2020-14422: Python VuXML updates

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Wen Heping

URL:
Keywords:	needs-patch, security

Depends on:
Blocks:

Reported:	2020-08-19 13:32 UTC by Mike Walker
Modified:	2020-08-19 15:39 UTC (History)
CC List:	5 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (ports-secteam) koobs: maintainer-feedback? (python)

Attachments
vuln.xml update (1.86 KB, patch) 2020-08-19 13:32 UTC, Mike Walker	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mike Walker 2020-08-19 13:32:42 UTC

Created attachment 217337 [details]
vuln.xml update

See attached patch for vuxml/vuln.xml for the following CVE's & releases for python 3.7 & 3.6:

https://docs.python.org/release/3.7.9/whatsnew/changelog.html#changelog

https://docs.python.org/release/3.6.12/whatsnew/changelog.html#changelog

https://bugs.python.org/issue41004

https://bugs.python.org/issue39017

Comment 1 Li-Wen Hsu freebsd_committer

2020-08-19 14:02:38 UTC

This can be directly handled by the python team.

Comment 2 commit-hook freebsd_committer

2020-08-19 15:30:52 UTC

A commit references this bug:

Author: wen
Date: Wed Aug 19 15:30:10 UTC 2020
New revision: 545334
URL: https://svnweb.freebsd.org/changeset/ports/545334

Log:
  - Document python37 and python36 multiple vulnerabilities

  PR:		248751
  Submitted by:	mwalker@carbonhouse.com

Changes:
  head/security/vuxml/vuln.xml

Comment 3 Wen Heping freebsd_committer

2020-08-19 15:32:33 UTC

Committed with minor change, thank you !

wen