https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3 Patches The vulnerability has been fixed in mitmproxy 8.0.0 and above. 15 May 2022: mitmproxy 8.1.0 Mitmproxy now requires Python 3.9 or above. (#5233, @mhils)
Thank you for your report. Pending port and vuxml entry updates
from https://docs.freebsd.org/en/books/porters-handbook/security/#security-notify 12.3. Keeping the Community Informed 12.3.1. The VuXML Database A very important and urgent step to take as early after a security vulnerability is discovered as possible is to notify the community of port users about the jeopardy. Such notification serves two purposes. ... What is the reason that mitmproxy still has no entry in the FreeBSD VuXML database? The trust in the FreeBSD VuXML database suffers if entries are delayed.
Thank you for your the notice. I've send a PR for vuxml database update: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264782.
Creating a vuxml entry is not a reason for for creating a block on this PR. Calling for bugmaster supervision here please.
Mitmproxy 9.0.0 has landed. Time to get rid of this security issue by upgrading the port. https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md#28-october-2022-mitmproxy-900
Taking over as per the request of lwhsu@
Can you please give a status-report/outlook on the work returning a working py311-mitmproxy to the FreeBSD ports?
^Triage: obsoleted by 264993 (AFAICT).