Created attachment 244361 [details] Upgrade to 1.3.2 and fixes CVE-2022-21797 Releases notes available at <https://github.com/joblib/joblib/releases>. Remark: devel/py-threadpoolctl is not listed as a RUN dependency, but several tests fail without it.
Thanks Thierry. Please feel free to commit this change
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=8d1d87e5ef24394f6336a5f8746a11962f1e4e9f commit 8d1d87e5ef24394f6336a5f8746a11962f1e4e9f Author: Thierry Thomas <thierry@FreeBSD.org> AuthorDate: 2023-08-26 14:58:19 +0000 Commit: Thierry Thomas <thierry@FreeBSD.org> CommitDate: 2023-08-28 19:42:48 +0000 devel/py-joblib: upgrade to 1.3.2 This solves CVE-2022-21797. Releases notes available at <https://github.com/joblib/joblib/releases>. Remark: devel/py-threadpoolctl is not listed as a RUN dependency, but several tests fail without it. Security: CVE-2022-21797 PR: 273363 Approved by: skreuzer (maintainer) devel/py-joblib/Makefile | 22 ++++++++-------------- devel/py-joblib/distinfo | 6 +++--- 2 files changed, 11 insertions(+), 17 deletions(-)
Committed, thanks!
A commit in branch 2023Q3 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=2d846a68cd3cae2146da461006dd1297afb3c54c commit 2d846a68cd3cae2146da461006dd1297afb3c54c Author: Thierry Thomas <thierry@FreeBSD.org> AuthorDate: 2023-08-26 14:58:19 +0000 Commit: Thierry Thomas <thierry@FreeBSD.org> CommitDate: 2023-08-29 17:36:09 +0000 devel/py-joblib: upgrade to 1.3.2 This solves CVE-2022-21797. Releases notes available at <https://github.com/joblib/joblib/releases>. Remark: devel/py-threadpoolctl is not listed as a RUN dependency, but several tests fail without it. Security: CVE-2022-21797 PR: 273363 Approved by: skreuzer (maintainer) (cherry picked from commit 8d1d87e5ef24394f6336a5f8746a11962f1e4e9f) devel/py-joblib/Makefile | 22 ++++++++-------------- devel/py-joblib/distinfo | 6 +++--- 2 files changed, 11 insertions(+), 17 deletions(-)